ahlam1399
01-23-2015, 08:10 PM
Google's security team, Project Zero, this week disclosed to the public several security vulnerabilities in OS X, some three months after the issue were shared with Apple (via Ars Technica (http://arstechnica.com/security/2015/01/google-drops-three-os-x-0days-on-apple/)). While Apple has **t commented officially on the issues, it appears one has already been *****ed and iMore reports (http://www.imore.com/latest-os-x-10102-beta-kills-google-disclosed-vulnerabilities-dead) the remaining two are fixed in OS X 10.10.2, which is currently in developer testing.
http://cdn.macrumors.com/article-new/2014/11/macbook_air_yosemite-800x450.jpg
Project Zero (http://googleonlinesecurity.blogspot.com/2014/07/an**uncing-project-zero.html) works to discover security vulnerabilities of various operating systems and software, giving their owners 90 days **tice to ***** the issues before publishing their findings to the public. In their markup of Apple's OS X, problems involving memory corruption, kernel code execution, and a sandbox escape were all discovered by the team. Ars Technica **tes:At first glance, **ne of them appear to be highly critical, since all three appear to require the attacker to already have some access to a targeted machine. [...]
Still, the exploits could be combined with a separate attack to elevate lower-level privileges and gain control over vulnerable Macs. And since the disclosures contain proof-of-concept exploit code, they provide e**ugh technical detail for experienced ******s to write malicious attacks that target the previously unk**wn vulnerabilities.As the 90-day deadline hit during the week, the group began (https://code.google.com/p/google-security-research/issues/detail?id=136&q=label%3AVendor-Apple) posting (https://code.google.com/p/google-security-research/issues/detail?id=135&q=label%3AVendor-Apple) its findings (https://code.google.com/p/google-security-research/issues/detail?id=130&q=label%3AVendor-Apple) online. Google's **tes suggest one of the vulnerabilities was fixed with the release of OS X Yosemite, while the other two remained unaddressed.
But as pointed out by iMore (http://www.imore.com/latest-os-x-10102-beta-kills-google-disclosed-vulnerabilities-dead), Apple's incoming OS X 10.10.2 update does indeed include fixes for the remaining two vulnerabilities exposed by Project Zero.[B]ased on the latest build of OS X 10.10.2, seeded [Wednesday (http://www.macrumors.com/2015/01/21/apple-seeds-10-10-2-beta-six/)] to developers, Apple has already fixed all of the vulnerabilities listed above. That means the fixes will be available to everyone running Yosemite as soon as 10.10.2 goes into general availability.Google's Project Zero has been disclosing significant security vulnerabilities for a number of months **w, previously discovering (http://arstechnica.com/information-tech**logy/2015/01/google-drops-more-*******-0-days-somethings-gotta-give/) a few significant ******* issues and sharing them online. The project shines light on much-needed fixes to various operating systems, but sometimes undercuts the point of security, as in that ******* case that's left users' systems more vulnerable with the publicized k**wledge before Microsoft could properly fix it. Still, the 90-day window before public disclosure is intended to give companies time to fix the issues while also giving them incentive to do so in a timely fashion.http://rss.feedsportal.com/c/35070/f/648326/s/42a3d67f/sc/4/mf.gif
http://da.feedsportal.com/r/218610986034/u/49/f/648326/c/35070/s/42a3d67f/sc/4/rc/1/rc.img (http://da.feedsportal.com/r/218610986034/u/49/f/648326/c/35070/s/42a3d67f/sc/4/rc/1/rc.htm)
http://da.feedsportal.com/r/218610986034/u/49/f/648326/c/35070/s/42a3d67f/sc/4/rc/2/rc.img (http://da.feedsportal.com/r/218610986034/u/49/f/648326/c/35070/s/42a3d67f/sc/4/rc/2/rc.htm)
http://da.feedsportal.com/r/218610986034/u/49/f/648326/c/35070/s/42a3d67f/sc/4/rc/3/rc.img (http://da.feedsportal.com/r/218610986034/u/49/f/648326/c/35070/s/42a3d67f/sc/4/rc/3/rc.htm)
http://da.feedsportal.com/r/218610986034/u/49/f/648326/c/35070/s/42a3d67f/sc/4/a2.img (http://da.feedsportal.com/r/218610986034/u/49/f/648326/c/35070/s/42a3d67f/sc/4/a2.htm)http://pi.feedsportal.com/r/218610986034/u/49/f/648326/c/35070/s/42a3d67f/sc/4/a2t.imghttp://feeds.feedburner.com/~ff/MacRumors-All?d=yIl2AUoC8zA (http://feeds.macrumors.com/~ff/MacRumors-All?a=urUorHjByCI:vw0yYM_vQEc:yIl2AUoC8zA) http://feeds.feedburner.com/~ff/MacRumors-All?d=6W8y8wAjSf4 (http://feeds.macrumors.com/~ff/MacRumors-All?a=urUorHjByCI:vw0yYM_vQEc:6W8y8wAjSf4)
https://hameed.nwar.uk/vb//feeds.feedburner.com/~r/MacRumors-All/~4/urUorHjByCI
أكثر... (http://www.macrumors.com/2015/01/23/os-x-10-10-2-fix-project-zero-flaws/)
http://cdn.macrumors.com/article-new/2014/11/macbook_air_yosemite-800x450.jpg
Project Zero (http://googleonlinesecurity.blogspot.com/2014/07/an**uncing-project-zero.html) works to discover security vulnerabilities of various operating systems and software, giving their owners 90 days **tice to ***** the issues before publishing their findings to the public. In their markup of Apple's OS X, problems involving memory corruption, kernel code execution, and a sandbox escape were all discovered by the team. Ars Technica **tes:At first glance, **ne of them appear to be highly critical, since all three appear to require the attacker to already have some access to a targeted machine. [...]
Still, the exploits could be combined with a separate attack to elevate lower-level privileges and gain control over vulnerable Macs. And since the disclosures contain proof-of-concept exploit code, they provide e**ugh technical detail for experienced ******s to write malicious attacks that target the previously unk**wn vulnerabilities.As the 90-day deadline hit during the week, the group began (https://code.google.com/p/google-security-research/issues/detail?id=136&q=label%3AVendor-Apple) posting (https://code.google.com/p/google-security-research/issues/detail?id=135&q=label%3AVendor-Apple) its findings (https://code.google.com/p/google-security-research/issues/detail?id=130&q=label%3AVendor-Apple) online. Google's **tes suggest one of the vulnerabilities was fixed with the release of OS X Yosemite, while the other two remained unaddressed.
But as pointed out by iMore (http://www.imore.com/latest-os-x-10102-beta-kills-google-disclosed-vulnerabilities-dead), Apple's incoming OS X 10.10.2 update does indeed include fixes for the remaining two vulnerabilities exposed by Project Zero.[B]ased on the latest build of OS X 10.10.2, seeded [Wednesday (http://www.macrumors.com/2015/01/21/apple-seeds-10-10-2-beta-six/)] to developers, Apple has already fixed all of the vulnerabilities listed above. That means the fixes will be available to everyone running Yosemite as soon as 10.10.2 goes into general availability.Google's Project Zero has been disclosing significant security vulnerabilities for a number of months **w, previously discovering (http://arstechnica.com/information-tech**logy/2015/01/google-drops-more-*******-0-days-somethings-gotta-give/) a few significant ******* issues and sharing them online. The project shines light on much-needed fixes to various operating systems, but sometimes undercuts the point of security, as in that ******* case that's left users' systems more vulnerable with the publicized k**wledge before Microsoft could properly fix it. Still, the 90-day window before public disclosure is intended to give companies time to fix the issues while also giving them incentive to do so in a timely fashion.http://rss.feedsportal.com/c/35070/f/648326/s/42a3d67f/sc/4/mf.gif
http://da.feedsportal.com/r/218610986034/u/49/f/648326/c/35070/s/42a3d67f/sc/4/rc/1/rc.img (http://da.feedsportal.com/r/218610986034/u/49/f/648326/c/35070/s/42a3d67f/sc/4/rc/1/rc.htm)
http://da.feedsportal.com/r/218610986034/u/49/f/648326/c/35070/s/42a3d67f/sc/4/rc/2/rc.img (http://da.feedsportal.com/r/218610986034/u/49/f/648326/c/35070/s/42a3d67f/sc/4/rc/2/rc.htm)
http://da.feedsportal.com/r/218610986034/u/49/f/648326/c/35070/s/42a3d67f/sc/4/rc/3/rc.img (http://da.feedsportal.com/r/218610986034/u/49/f/648326/c/35070/s/42a3d67f/sc/4/rc/3/rc.htm)
http://da.feedsportal.com/r/218610986034/u/49/f/648326/c/35070/s/42a3d67f/sc/4/a2.img (http://da.feedsportal.com/r/218610986034/u/49/f/648326/c/35070/s/42a3d67f/sc/4/a2.htm)http://pi.feedsportal.com/r/218610986034/u/49/f/648326/c/35070/s/42a3d67f/sc/4/a2t.imghttp://feeds.feedburner.com/~ff/MacRumors-All?d=yIl2AUoC8zA (http://feeds.macrumors.com/~ff/MacRumors-All?a=urUorHjByCI:vw0yYM_vQEc:yIl2AUoC8zA) http://feeds.feedburner.com/~ff/MacRumors-All?d=6W8y8wAjSf4 (http://feeds.macrumors.com/~ff/MacRumors-All?a=urUorHjByCI:vw0yYM_vQEc:6W8y8wAjSf4)
https://hameed.nwar.uk/vb//feeds.feedburner.com/~r/MacRumors-All/~4/urUorHjByCI
أكثر... (http://www.macrumors.com/2015/01/23/os-x-10-10-2-fix-project-zero-flaws/)