Google Roasts Apple, Discloses 3 OS X Bugs

Status
Not open for further replies.
I wonder if Google is intentionally targeting MS and Apple due to them constantly bullying Google Android partners over IP disagreements over Android devices.
 
The other side of the coin is Microsoft and Apple software has the most bugs.

Not bashing them. Just saying an operating system has a lot of lines of code.
 
Guys, Google isn't targeting anybody. They're giving the owners of any bugs they find AMPLE time to fix them, and these companies aren't fixing serious bugs in a reasonable amount of time, then are complaining when the information is released...

This grace period is a standard practice in the industry, and is a decent balance between announcing the bugs (And letting hackers in before the company has a chance to fix them) and only telling the company, letting them not ever fix it if they don't care to.
 
Hi everyone, thanks for your comments! From my experience, I agree with DarkSable: Project Zero is probably looking at the most commonly used software in an effort to find bugs that would potentially affect the greatest number of people, and Microsoft and Apple are certainly at the top of that list. The grace period for bug disclosure is standard practice. Apple's and Microsoft's sheer size count both for and against them in terms of being able to patch issues in a timely manner, but my understanding is that 90 days is not an unreasonably short amount of time.
 
"..attackers would need some sort of pre-established access to the targets computer."

You should have found the security flaw that does that first, and then post this ridiculous attack piece on Apple.
 
These days, most of the big bugs seem to still be found in Adobe software, such as Flash and Acrobat Reader.

That said, they should give them a little wiggle room on the 90 days. The Microsoft case was ridiculous as Microsoft had the patch ready and was releasing on their next patch day, which was just a couple of days beyond the 90 days. It is proven that if you rush little patches that it causes chaos in IT organizations and can sometimes lead to worse unpatched scenarios. Not granting them the extra couple of days did nobody a service except Google.
 
I'm sorry but who is Google to determine other companies' timelines and guidelines for fixing problems?
Wasn't the problem with Microsoft with the 'Kernel' in their code? Something like that would need to be quality checked beyond quality checked since it trickles down to every product that uses the software.

This whole, "they gave them reasonable time" is garbage because you don't know what the project fully entailed and neither does Google because they don't work for Microsoft or Apple and know 1. their workload, 2. What projects are fully prioritized in their day to day tasks. Completely unprofessional but what would you expect from smug 20-30 year old somethings who wear shorts and flip-flops to work and all make over $100k a year.
 
how is this in any way a form of desperation? they have nothing to gain from doing this. they are using money from their own pocket to find security issues in other products.

it's only a benefit to them IN PUBLICITY ONLY if they refuse to patch it. otherwise, there is nothing to gain.
 
@therickmu25 Oh, Google is nobody. It is a nobody that found holes in their security without asking for money, time or people. Informed them for free and WITHHELD knowledge of the issue for 90 days, to protect their competitors' (clients) interests. If Microsoft, Apple, Oracle and Red Hat start mirror divisions like this, one thing is for sure - cyber security will become almost perfect.
 
Guys, Google isn't targeting anybody. They're giving the owners of any bugs they find AMPLE time to fix them, and these companies aren't fixing serious bugs in a reasonable amount of time, then are complaining when the information is released...

This grace period is a standard practice in the industry, and is a decent balance between announcing the bugs (And letting hackers in before the company has a chance to fix them) and only telling the company, letting them not ever fix it if they don't care to.
I disagree. They're deliberately finding security flaws, only giving 90 days when companies might well be swamped with working on new products and old alike, and then they assist hackers by releasing their flaws. What's Google's motivation? To help those companies? Out of the goodness of their hearts? No! They're doing it to harm their competition while trying to look like some kind of hero.
 
@ivanthechemist: I agree with you, except "If Microsoft, Apple, Oracle and Red Hat start mirror divisions like this, one thing is for sure - cyber security will become almost perfect." In the battle of sword versus shield, the sword will eventually win.

Given enough time, money and resources, pretty much *anything* can be broken.
 
More often than not, these companies know of the security flaws. Call me a conspiracy theorist if you will, but if these security flaws didn't exist, neither would Kaspersky, McAfee, Norton and the like. I think it's good that Google is doing this, it's a national security issue. Our intellectual property is stolen every day by "others" and then our own ideas are sold back to us (in products) at lower prices. Sounds like WWIII to me. Keep it up Google!
 