A significant security flaw affecting OS X Yosemite hasn’t been fixed as previously thought, according to a former NSA staffer.
The flaw, known as Rootpipe, is said to have existed since 2011, and could allow an attacker to gain full control of another user’s Mac without requiring authentication.
To do this it opens up what is called “root access,” aka the highest privilege access on a computer. Don’t worry if you’re the only one who uses your Mac, however: the vulnerability requires a would-be attacker to have physical access to your machine in order to be able to gain administrator access.
Nonetheless, the vulnerability was thought to have been fixed by the latest OS X update, but apparently this is not the case.
Patrick Wardle, a former NSA employee and now head of security firm Synack, discovered a way to exploit the vulnerability while on an airplane flight. Although Apple has implemented additional access controls as a way of trying to stop attacks, Wardle was nonetheless able to use his code to begin overwriting files on his Mac.
Apple was informed about the Rootpipe vulnerability back in October, but only got around to addressing the fault in April. It was believed that the problem had been solved, but today’s update on the story suggests this is far from over.
Wardle, for his part, has handed over all his findings on the flaw.
Source: Forbes
Luke Dormehl is a U.K.-based journalist and author, with a background working in documentary film for Channel 4 and the BBC. He is the author of The Apple Revolution and The Formula: How Algorithms Solve All Our Problems … and Create More, both published by Penguin/Random House. His tech writing has also appeared in Wired, Fast Company, Techmeme and other publications.
5 responses to “Serious OS X vulnerability isn’t fixed after all”
If anyone actually has physical access to my Mac, they will most likely ignore it and steal the ancient golden cat statue that sits right in front of it because; It is made of gold, it is beautiful, it is cursed.
Man apple has a lot of security issues and bugs. I thought they were perfect?
As many as they have, they STILL don’t have as many as Android or Windows. Ever see the daily reports by the various companies that track released malware?
Maybe you need to revisit that.
Two main reasons why that is true. First over a billion computers run Windows OS. MAC OS is closed and Windows is more open. You can compare MAC to Windows by comparing the U.S. to any communist country. Maybe the U.S. has its problems but at least we still have some freedom to do what we want/need. Apple tells us how we are going to do things and only unlocks the ability to programmers it feels like unlocking while MS takes a more free approach.
It would be one thing if Cult of Mac reported their findings to Apple in some legitimate way, aiding in the exposure and fixing of software bugs and inconsistencies! But more and more I find your articles alarmist. You’ve become the Inquirer of Mac, spouting fear mongering and not actually doing anything except bitching, and putting down Apple! It is time to Block Source your feed, and stop listening to your unhelpful rant!