Security Experts:

Mac OS X Affected by Critical "Rootpipe" Privilege Escalation Vulnerability

The latest version of Apple's Mac operating system, OS X 10.10 Yosemite, is plagued by a critical vulnerability that can be exploited to take over affected devices, a researcher has revealed.

Emil Kvarnhammar, a security software engineer working for Sweden-based TrueSec, has uncovered a flaw that allows an attacker to escalate privileges from admin to root.

The vulnerability, which has been dubbed "rootpipe," affects the 10.10, 10.9 and 10.8 versions of OS X. The expert believes older versions are also likely affected, but he hasn't conducted any tests to confirm it.

"Normally sudo and system preferences require the user to explicitly enter an admin password to run as root. This is circumvented with rootpipe," Kvarnhammar told SecurityWeek.

"To exploit, an attacker would need access to execute code on a target system. Either through physical access, or by combining with another vulnerability (code execution in browser, java, pdf etc.)," he added.

Apple was notified of the vulnerability's existence on October 3, but it's uncertain when it will address the issue. The researcher said he initially wanted to disclose the details of the vulnerability in mid-December, but Apple asked for more time so full disclosure is currently planed for mid-January.

Until Apple rolls out a fix for rootpipe, Kvarnhammar advises users to protect themselves against potential attacks by utilizing accounts with "standard" privileges, instead of ones with administrator rights. However, the researcher has pointed out that, unfortunately, most users have administrator accounts, which are created by default when the operating system is set up.

In October, Apple released security updates to address several vulnerabilities affecting the company's products. With the release of OS X Yosemite, Apple fixed more than 40 security holes in components such as the application sandbox, Bluetooth, IOKit, the kernel, mail, QuickTime and Safari. The company has also released updates to protect users against attacks leveraging the SSL 3.0 flaw known as POODLE.

In addition to vulnerabilities, Apple also has to deal with the fact that its customers are increasingly targeted with malware. A good example is the recently uncovered WireLurker, a threat that targets both Mac OS X and iOS devices, and which may have already infected hundreds of thousands of devices.

Kvarnhammar has published a video demonstrating the rootpipe vulnerability which is embedded below.

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.