You can bet that some people at 1 Infinite Loop are not happy with Google at the moment as the company has disclosed a rather severe security vulnerability in OS X:
networkd is the system daemon which implements the com.apple.networkd XPC service. It’s unsandboxed but runs as its own user. com.apple.networkd is reachable from many sandboxes including the Safari WebProcess and ntpd (plus all those which allow system-network.)
Here’s the translation: networkd can be exploited by some evil doer so that they can escape the protections that OS X has (known as sandboxing) to cause havoc on your system. So far this has only been tested on OS X 10.9.5 (Mavericks), but other versions of OS X could have this issue. The reason for the publication of this threat is that Apple has failed to produce a fix within the 90 day period for disclosure set by Google. I’m not sure who died and made Google the ruler of the universe as you’d think that they would work with Apple a bit better and not make this public. But having said that you can bet Apple is working on a fix for this as we speak. Or at least one would hope so.
Like this:
Like Loading...
Related
This entry was posted on January 22, 2015 at 10:26 am and is filed under Commentary with tags Apple, Google, Security. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Google Discloses Apple Security Issue
You can bet that some people at 1 Infinite Loop are not happy with Google at the moment as the company has disclosed a rather severe security vulnerability in OS X:
networkd is the system daemon which implements the com.apple.networkd XPC service. It’s unsandboxed but runs as its own user. com.apple.networkd is reachable from many sandboxes including the Safari WebProcess and ntpd (plus all those which allow system-network.)
Here’s the translation: networkd can be exploited by some evil doer so that they can escape the protections that OS X has (known as sandboxing) to cause havoc on your system. So far this has only been tested on OS X 10.9.5 (Mavericks), but other versions of OS X could have this issue. The reason for the publication of this threat is that Apple has failed to produce a fix within the 90 day period for disclosure set by Google. I’m not sure who died and made Google the ruler of the universe as you’d think that they would work with Apple a bit better and not make this public. But having said that you can bet Apple is working on a fix for this as we speak. Or at least one would hope so.
Share this:
Like this:
Related
This entry was posted on January 22, 2015 at 10:26 am and is filed under Commentary with tags Apple, Google, Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.