Google reveals Apple OS X Zero-Day Flaws

Google's Project Zero team said that the flaws could allow an attacker to elevate privilege levels and take over a machine.

The public disclosure follows the recent disclosure of bugs in Microsoft Windows. However, the OS X vulnerabilities require an attacker to already have access to a targeted Mac to carry out such an attack.

The first flaw is "OS X networkd effective_audit_token XPC type confusion sandbox escape". The networkd daemon is unsandboxed but runs as its own user.

It is reachable from many sandboxes, including the Safari WebProcess and ntpd, plus all those which allow system-network.

The second is "OS X IOKit kernel code execution due to NULL pointer dereference in IntelAccelerator", and the third is "OS X IOKit kernel memory corruption due to bad bzero in IOBluetoothDevice".