A significant security flaw affecting OS X Yosemite hasn’t been fixed as previously thought, according to a former NSA staffer.
The flaw, known as Rootpipe, is said to have existed since 2011, and could allow an attacker to gain full control of another user’s Mac without requiring authentication.
To do this it opens up what is called “root access,” aka the highest privilege access on a computer. Don’t worry if you’re the only one who uses your Mac, however: the vulnerability requires a would-be attacker to have physical access to your machine in order to be able to gain administrator access.
Nonetheless, the vulnerability was thought to have been fixed by the latest OS X update, but apparently this is not the case.
Patrick Wardle, a former NSA employee and now head of security firm Synack, discovered a way to exploit the vulnerability while on an airplane flight. Although Apple has implemented additional access controls as a way of trying to stop attacks, Wardle was nonetheless able to use his code to begin overwriting files on his Mac.
Apple was informed about the Rootpipe vulnerability back in October, but only got around to addressing the fault in April. It was believed that the problem had been solved, but today’s update on the story suggests this is far from over.
Wardle, for his part, has handed over all his findings on the flaw.