Full Report
Google's Project Zero has released information on three as yet unpatched vulnerabilities in Apple's OS X operating system, reports Ars Technica.
Analysis Summary
# Vulnerability: Trio of Unpatched Security Vulnerabilities in OS X
## CVE Details
- CVE ID: Not specified in the article (Google Project Zero disclosed three vulnerabilities, but specific CVEs are omitted).
- CVSS Score: Not specified in the article.
- CWE: Not specified in the article.
## Affected Systems
- Products: Apple OS X
- Versions: Not specifically listed, but the context implies versions prior to the patches addressing these issues (including potentially older versions than OS X Yosemite for the first issue).
- Configurations: Requires an attacker to have access to a targeted Mac.
## Vulnerability Description
Google's Project Zero disclosed three distinct, unpatched vulnerabilities in Apple's OS X operating system:
1. **Network System Command Circumvention:** Relates to bypassing commands within the network system, though the article notes this "may already be a non-issue for users on OS X Yosemite."
2. **Kernel Code Execution (IOKit):** Specifically documented as "OS X IOKit kernel code execution due to NULL pointer dereference in IntelAccelerator."
3. **Kernel Structure Exploit:** A third vulnerability relating to the OS X kernel structure.
All three exploits require the attacker to have access to the targeted Mac.
## Exploitation
- Status: Unpatched vulnerabilities disclosed. The article implies these were zero-days disclosed after the 90-day Project Zero deadline, but does not explicitly state if they were exploited in the wild prior to disclosure.
- Complexity: Not explicitly rated, but kernel code execution and circumvention vulnerabilities typically imply significant complexity unless the attack vector is trivialized.
- Attack Vector: Local access to the targeted Mac is required for exploitation.
## Impact
- Confidentiality: Likely High (especially for kernel exploits).
- Integrity: Likely High (especially for kernel exploits).
- Availability: Likely Medium to High (kernel compromises can lead to system instability or crashes).
## Remediation
### Patches
- **Available Patches:** Not specified in the article. The vulnerabilities were disclosed *before* Apple confirmed releasing patches, as Apple typically waits until patches are available before commenting.
### Workarounds
- No specific workarounds were detailed in the article.
## Detection
- **Indicators of Compromise:** Not specified in the article.
- **Detection Methods and Tools:** Not specified in the article.
## References
- [Ars Technica report concerning disclosure](http://arstechnica.com/security/2015/01/google-drops-three-os-x-0days-on-apple) (Defanged: hxxp://arstechnica.com/security/2015/01/google-drops-three-os-x-0days-on-apple)
- [CNET description](http://www.cnet.com/uk/news/google-team-finds-three-severe-vulnerabilities-in-apple-os-x/?) (Defanged: hxxp://www.cnet.com/uk/news/google-team-finds-three-severe-vulnerabilities-in-apple-os-x/?)
- [Engadget report on disclosure timing](http://www.engadget.com/2015/01/23/google-reveals-zero-day-mac-exploits/) (Defanged: hxxp://www.engadget.com/2015/01/23/google-reveals-zero-day-mac-exploits/)
- [Apple Security Page standard response regarding disclosures](https://www.apple.com/asia/support/security/) (Defanged: hxxps://www.apple.com/asia/support/security/)