Project Zero says at least one flaw (out of three) was addressed with the release of Yosemite in October

Jan 24, 2015 08:25 GMT  ·  By

Apple has two security flaws to address for customers who are not yet running OS X 10.10.2, the latest version of Yosemite, currently in beta testing.

Google's Project Zero this week exposed three zero-day vulnerabilities in Apple’s desktop operating system, one of which is reportedly already addressed. The remaining two are also patched, but not in a way that benefits the user. The OS X builds that have these holes closed are in beta.

Ongoing development

Apple seems to be favoring its own focus areas over the security concerns put forth by Google. In the last two betas seeded to developers, the company added a fourth focus area for testers to look at: Bluetooth (in addition to Wi-Fi, Mail, and VoiceOver).

The security side of these updates is rarely (if ever) disclosed, which means users need to resort to actual testing to see if the system is vulnerable to certain attacks. In the case of OS X 10.10.2, people familiar with the newest builds say that all the flaws disclosed by Google in their Project Zero report have been addressed.

The only problem is that OS X 10.10.2 has yet to be released publicly, meaning that at least two flaws are still exploitable in the wild. However, it is worth noting that this particular update has been in testing for three months now. By all accounts, it should be released any day now.

Developers looking to download OS X 10.10.2 can do so immediately by visiting the Mac Dev Center. A utility software is required for the first installation, after which any new beta can be downloaded via the Mac App Store's updates tab.