After exposing three critical zero-day vulnerabilities in Microsoft's Windows operating systems, Google's Project Zero vulnerability research program has revealed the existence of three more zero-day vulnerabilities, but this time, on Apple's OS X platform.
The team has published three zero-day exploits for Apple’s OS X, with sufficient information for an experienced hacker to exploit the bugs in an attack. Of course, the details about the zero-days were not released without alerting Apple to these issues.
FIRST ZERO-DAY VULNERABILITY
The first flaw, "OS X networkd 'effective_audit_token' XPC type confusion sandbox escape," allows an attacker to pass arbitrary commands to the networkd OS X system daemon because it does not check its input properly.
The flaw may already have been mitigated in OS X Yosemite, but there is no clear explanation of whether this is the case.