Google publicly discloses macOS zero-day flaw after Apple misses 90-day bug-fix deadline
Tuesday March 5, 2019. 05:30 PM , from Mac Daily News
“Google has publicly disclosed a zero-day flaw in Apple’s macOS after the Cupertino mobe-maker failed to fix the security shortcoming within the ad giant’s 90-day deadline,” Shaun Nichols reports for The Register.
“The vulnerability itself is relatively minor in terms of danger: it allows malware already running on your Mac, or a rogue logged-in user, to potentially escalate their privileges, and fully take over the computer, by secretly altering the contents of files on user-mounted disks without you noticing,” Nichols reports. “Thus, to exploit the weakness, your computer already has to be compromised, which is pretty much game over for most folks.”
“However, this is Google dropping a proof-of-concept exploit on a tech rival, and it’s therefore caught everyone’s attention,” Nichols reports. “While the Project Zero team says that Apple is aware of the issue and has been planning to patch it, the deadline has passed, meaning the bug and its proof-of-concept exploit are now publicly disclosed as a zero day. It’s not the first time Google has done this, though it’s usually Microsoft that misses the deadline.”
Read more in the full article here.
MacDailyNews Take: We agree with Nichols who posits that because “the bug is so esoteric, it’s probably way down Apple’s to-do list.”
In a nutshell: NBD.
Jan, Wed 22 - 00:48 CET