Late in 2014, a security flaw, dubbed “Rootpipe”, was identified. This gives root access to attackers. Root access gives greater access to low level processes and files that are typically hidden that Administrator access.
For an attacker to exploit Rootpipe they would either have to have physical access to your Mac or have remote access through some other method, such as malicious user-installed software or a remotely exploitable vulnerability. In other words, while it’s a serious flaw, the odds of someone being able to use it are fairly remote. It was discovered by Emil Kvarnhammar from TrueSec and cecurity firm FireEye found malware that uses the “Rootpipe” flaw in September of 2014.
While the vulnerability has been largely squashed in OS X 10.10.3, also known as Yosemite, older Macs are still vulnerable according to researchers from security start up Synack.