Google’s ‘Project Zero’ Hid A Major Vulnerability in Apple’s OS and iOS Cores
Category: Без рубрики
In June Google’s task-force against zero day exploits “identified a coding exploit in the underlying kernel of Apple’s OSX and it’s mobile operating system iOS, which could allow for root-level escalation of privileges for an attacker in a non-updated version of the OS,” according to The Stack.
An anonymous reader writes that Google “initially refused Apple’s request for sixty days’ grace, but eventually settled on September 21st for disclosure. But when Apple’s last-minute September fix turned out to be ineffective, Project Zero agreed to keep quiet, eventually granting Apple nearly five months of silence about the task_t bug — which has now been fixed in the latest updates to Mac OS and iOS.” The fix was released Monday, the Stack reports: Since the task_t bug allows the user to gain any entitlements they may want, it could also nullify kernel code signing, which would allow unauthorized programs to run with elevated privileges on a Mac system. Any current OSX or iOS user who has applied the latest system updates is not susceptible to the task_t vulnerability.