Provided by experts data contains enough information to write an exploit.
The site of the research program established by Google Project Zero was published information about zero-day vulnerabilities in OS X operating system from Apple.
Over the past two days, Project Zero revealed details about the various vulnerabilities in OS X three times (here zdesizdes). None of these flaws on closer inspection is not critical, since they all assume that the attacker has access to the system.
Moreover, the impact of the first gap, according to preliminary data, was significantly mitigated by the latest version of OS X Yosemite. However, researchers in the notice Google is no clear evidence of this.
All of these gaps can be found by intruders during one attack to increase their own privileges and take control of the affected system. In addition, the availability of PoC-code provides a sufficient amount of technical information to create an exploit.
It should also be noted that the details mentioned Brescia were transferred to Apple in the period from 20 to 23 October 2014. Now they were released automatically after 90 days from the date of notification of developers.
Source: securitylab.ru
The site of the research program established by Google Project Zero was published information about zero-day vulnerabilities in OS X operating system from Apple.
Over the past two days, Project Zero revealed details about the various vulnerabilities in OS X three times (here zdesizdes). None of these flaws on closer inspection is not critical, since they all assume that the attacker has access to the system.
Moreover, the impact of the first gap, according to preliminary data, was significantly mitigated by the latest version of OS X Yosemite. However, researchers in the notice Google is no clear evidence of this.
All of these gaps can be found by intruders during one attack to increase their own privileges and take control of the affected system. In addition, the availability of PoC-code provides a sufficient amount of technical information to create an exploit.
It should also be noted that the details mentioned Brescia were transferred to Apple in the period from 20 to 23 October 2014. Now they were released automatically after 90 days from the date of notification of developers.
Source: securitylab.ru
No comments:
Post a Comment