Bad news: Google drops macOS zero-day after Apple misses bug deadline. Good news: It’s fiddly to exploit



Google has publicly disclosed a zero-day flaw in Apple’s macOS after the Cupertino mobe-maker failed to fix the security shortcoming within the ad giant’s 90-day deadline.

The vulnerability itself is relatively minor in terms of danger: it allows malware already running on your Mac, or a rogue logged-in user, to potentially escalate their privileges, and fully take over the computer, by secretly altering the contents of files on user-mounted disks without you noticing. Thus, to exploit the weakness, your computer already has to be compromised, which is pretty much game over for most folks.

However, this is Google dropping a proof-of-concept exploit on a tech rival, and it’s therefore caught everyone’s attention.

Read more…