Google’s controversial Project Zero – which some say pressurizes tech companies into fixing problems within a 90-day window – has unearthed three high-risk vulnerabilities within the Apple OS X operating system. The bugs allow attackers to take over machines if they have access to it.
Apple was first told about the problem in October, but Google have now made them public in line with their 90-day policy. It’s thought that a OS X 10.10.2 update to eradicate the problems is on the way.
Project Zero has been criticized by various high-profile tech figures including Microsoft security chief Chris Betz, who questioned whether the service really was built on principles. Betz said their approach felt: “less like principles and more like a ‘gotcha'”. The Windows flaws revealed by Google enabled attackers to impersonate a user and decrypt and encrypt data.
Researchers working for Project Zero are asked to identify security flaws that could lead to computers and other devices being attacked. The companies have 90 days to fix the problems before Google makes the public. The project was launched in 2014. Apple are yet to respond, though a statement on its product security page reads: “For the protection of our customers, Apple does not disclose, discuss or confirm security issues until a full investigation has occurred and any necessary patches or releases are available.”
Do you feel Google are right to expose other tech companies’ flaws in this manner? Let us know what you think below.