In the past two days, Project Zero has disclosed OS X vulnerabilities here, here, and here. At first glance, none of them appear to be highly critical, since all three appear to require the attacker to already have some access to a targeted machine. §
When Google’s Project Zero starts dropping exploits on its own doorstep, I’ll be more impressed. Also, the OS X 10.10.2 update—which is currently in developer testing—fixes the disclosed exploits.