Google has publicly disclosed three vulnerabilities in Apple's Mac OS X operating system, claiming that the firm failed to meet its 90-day patch deadline.
The vulnerabilities were reported by Google Project Zero member 'Ianb', who made the bugs public on 21 and 22 January after disclosing them privately to Apple in October.
Apple had not responded to V3's request for comment at the time of publishing.
The bugs are detailed in the following advisories: 'networkd [sic] effective_audit_token XPC type confusion sandbox escape', 'IOKit kernel code execution due to NULL pointer dereference in IntelAccelerator' and 'IOKit kernel memory corruption due to bad bzero in IOBluetoothDevice'.
All three bugs require an attacker to have access to the target machine to be exploited, and the networkd 'effective_audit_token' XPC flaw may already have been fixed in Yosemite as it was tested only on OS X version 10.9.5.
It is also unclear whether the flaws are being actively exploited or targeted by hackers, although Google has released proof-of-concept exploits showing how the flaws could be used to mount escalation of privilege attacks or hijack vulnerable Macs.
The OS X bugs follow Project Zero's public disclosure of a Microsoft Windows flaw earlier in January.
Project Zero publicly revealed a flaw in Windows 8.1's NtApphelpCacheControl that could reportedly be exploited by a hacker, with difficulty, to launch an arbitrary executable with elevated privileges.
The disclosure led to a backlash by Microsoft, which claimed that it had responded to Google's private disclosure and asked the firm to delay its public report so that it could release a fix as a part of the January security update.
Microsoft subsequently released a fix for the flaw in the January Patch Tuesday bulletin.
Google launched Project Zero in July 2014. The team initially discloses flaws in private to the firms concerned and gives them 90 days to release a fix before making the research public.