Macs still vulnerable to “Rootpipe”

Anthony Caruana
20 April, 2015
Security

Late in 2014, a security flaw, dubbed “Rootpipe”, was identified. It gives attackers root access, which provides greater access to low-level processes and files that are typically hidden than Administrator access does.

For an attacker to exploit Rootpipe they would either have to have physical access to your Mac or have remote access through some other method, such as malicious user-installed software or a remotely exploitable vulnerability. In other words, while it’s a serious flaw, the odds of someone being able to use it are fairly remote. It was discovered by Emil Kvarnhammar from TrueSec, and security firm FireEye found malware that uses the “Rootpipe” flaw in September of 2014.

While the vulnerability has been largely squashed in OS X 10.10.3, also known as Yosemite, older Macs are still vulnerable, according to researchers from security start-up Synack.

One Comment


  1. Paul Mah says:

    This is not an end-of-the-world flaw, given that hackers cannot magically compromise your computer unless they have a user account in the first place. There is no doubt that privilege escalation is bad, however, and it means that guest users could launch an app that effectively takes over your Mac.

    Until Apple fixes this properly, companies with Macs on their network may want to consider threat detection tools to quickly detect and block compromised clients. Check this out http://techblo.gr/1DFSmLy

    Paul Mah, commenting on behalf of IDG and FireEye.
