Having discovered a number of software vulnerabilities and security flaws, Google’s Project Zero has given both Apple and Microsoft 90 days to fix these bugs, otherwise it will release the details about these flaws to the public, Bloomberg is reporting.
The publication notes that last month, Apple pleaded with Google to wait about a week or so before going public about a minor OS X bug, but Google didn’t listen and went public with the details right away.
“According to a person familiar with the request who wasn’t authorized to speak publicly, Google knew the fix was coming and had possession of the updated software because it serves as a developer for Apple. Regardless, Google refused and released details of the flaws.
Microsoft, meanwhile, requested two additional days to fix a flaw in Windows. Google refused and publicized the bug”.
Google’s Project Zero, a newly formed team focused on “zero day” security flaws in software that hackers can take advantage of before developers learn of them, has so far singled out 39 loopholes in Apple products, 37 in Adobe software and 20 issues in Microsoft products.
According to Craig Young, a senior security researcher with Tripwire, a 90-day deadline is however not practical for large companies that have to search through thousands lines of code and make sure patches don’t negatively affect other software.
Young reported a bug to Apple in October 2012 that could let hackers attack a file server in OS X. Although the flaw wasn’t critical, Apple didn’t issue a final patch until last month.