Google Project Zero vulnerability research team today published a Apple number of 0day vulnerabilities and technical details of the vulnerability by enhancing the system permissions and then control the entire victims Mac computer. It is worth mentioning that just two weeks ago, Google just disclosed the Microsoft Windows8. 1 0day vulnerabilities, triggering a controversy.
Google publicly disclosed vulnerability report contains a POC（proof-of-concept exploit code, which provides more than enough technical details that an attacker can rewrite the code to launch targeted attacks.
Not negotiable: the 9 0-day vulnerabilities automatically open
Google has in the last year 1 0 on 2 0 and 2 1 and 2 Number 3 these three vulnerabilities Secret submitted to Apple. When the 9 0-day vulnerability published period after the deadline, Google's Project Zero as scheduled, published the vulnerability details. And according to Google's rules and consistent style, if the vulnerability still exists and has not been repaired, Google will still be on schedule to publish vulnerability details. Because of the consistently strong Google to say, this is not the first time they refused the developer's vulnerability disclosure extension request.
Vulnerability 1, vulnerability 2, vulnerability 3.
Related reading: Google re-aeration Windows8. 1 vulnerability, Microsoft's wrath.
At Microsoft yet had released vulnerability patches, the Google Project Zero team has once again released its Windows8. 1 System and a new vulnerability, the vulnerability can lead to elevation of privileges. Google a series of vulnerability disclosures angered Microsoft.
Just a few short weeks, this has to be the Google team released for Windows8. 1 System of a second vulnerability. According to Google vulnerability announced policy, Google is waiting for 9 0 days after publication of this vulnerability's details. But it is curious that in the last year 1 1 month, Microsoft requests Google to postpone the vulnerability publication date, on the grounds that they are going to in 2 0 1 5 year 2 month to fix the vulnerability.
However, Google has rejected Microsoft's request on the grounds that it is not in their vulnerability publication policy. So Microsoft decided in 2 0 1 5 years 1 month to fix the vulnerability, but Google still refused to postpone the vulnerability of the publication, even if delayed 2 days.