Google has publicly disclosed three vulnerabilities in Apple's Mac OS X operating system, claiming that the firm failed to meet its 90-day patch deadline.
The vulnerabilities were reported by Google Project Zero member 'Ianb', who the made bugs public on 21 and 22 January after disclosing them privately to Apple in October.
Apple had not responded to V3's request for comment at the time of publishing.
The bugs are detailed in the following advisories: networkd [sic] effective_audit_token XPC type confusion sandbox escape, IOKit kernel code execution due to NULL pointer dereference in IntelAccelerator and IOKit kernel memory corruption due to bad bzero in IOBluetoothDevice.
All three bugs require an attacker to have access to the target machine to be exploited, and the 'networkd 'effective_audit_token' XPC' flaw may already have been fixed in Yosemite as it was tested only on OS X version 10.9.5.
It is also unclear whether the flaws are being actively exploited or targeted by hackers, although Google has released proof-of-concept exploits showing how the flaws could be used to mount escalation of privilege attacks or hijack vulnerable Macs.
The OS X bugs follow Project Zero's public disclosure of a Microsoft Windows flaw earlier in January.
Project Zero publicly revealed a flaw in Windows 8.1's NtApphelpCacheControl that could reportedly be exploited by a hacker, with difficulty, to launch an arbitrary executable with elevated privileges.
The disclosure led to a backlash by Microsoft, which claimed that it had responded to Google's private disclosure and asked the firm to delay its public report so that it could release a fix as a part of the January security update.
Microsoft subsequently released a fix for the flaw in the January Patch Tuesday bulletin.
Google launched Project Zero in July 2014, The team initially discloses flaws in private to the firms concerned and gives them 90 days to release a fix before making the research public.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago