Project Zero discloses macOS kernel vulnerability before patch

Ink

The vulnerability could let attackers mess with the file system in secret.
Google's Project Zero security disclosure program is once again proving to be a double-edged sword. The company has detailed a "high severity" macOS kernel flaw that lets people modify a user-mounted file system image without the virtual management subsystem being any the wiser, theoretically letting an attacker go unnoticed by users. Apple is working on a patch, but the disclosure ahead of the fix could leave Mac users vulnerable until it's ready.

The less-than-ideal timing stems in part from how Project Zero works. Google notified Apple of the bug in November 2018, but its automatic 90-day disclosure policy means that it will publicize security vulnerabilities whether or not a fix is in place.
 

n0k0m3

LOL, if 90 days is not enough to patch (or even just work on a dirty patch for) a security flaw, then how long should it be?
This shows the incompetence of Apple's macOS team in dealing with this situation. At least the iOS team patches the bug as soon as they are notified.
 
