Security Experts:

Connect with us

Hi, what are you looking for?


Endpoint Security

Mac OS X Affected by Critical “Rootpipe” Privilege Escalation Vulnerability

The latest version of Apple’s Mac operating system, OS X 10.10 Yosemite, is plagued by a critical vulnerability that can be exploited to take over affected devices, a researcher has revealed.

The latest version of Apple’s Mac operating system, OS X 10.10 Yosemite, is plagued by a critical vulnerability that can be exploited to take over affected devices, a researcher has revealed.

Emil Kvarnhammar, a security software engineer working for Sweden-based TrueSec, has uncovered a flaw that allows an attacker to escalate privileges from admin to root.

The vulnerability, which has been dubbed “rootpipe,” affects the 10.10, 10.9 and 10.8 versions of OS X. The expert believes older versions are also likely affected, but he hasn’t conducted any tests to confirm it.

“Normally sudo and system preferences require the user to explicitly enter an admin password to run as root. This is circumvented with rootpipe,” Kvarnhammar told SecurityWeek.

“To exploit, an attacker would need access to execute code on a target system. Either through physical access, or by combining with another vulnerability (code execution in browser, java, pdf etc.),” he added.

Apple was notified of the vulnerability’s existence on October 3, but it’s uncertain when it will address the issue. The researcher said he initially wanted to disclose the details of the vulnerability in mid-December, but Apple asked for more time so full disclosure is currently planed for mid-January.

Until Apple rolls out a fix for rootpipe, Kvarnhammar advises users to protect themselves against potential attacks by utilizing accounts with “standard” privileges, instead of ones with administrator rights. However, the researcher has pointed out that, unfortunately, most users have administrator accounts, which are created by default when the operating system is set up.

In October, Apple released security updates to address several vulnerabilities affecting the company’s products. With the release of OS X Yosemite, Apple fixed more than 40 security holes in components such as the application sandbox, Bluetooth, IOKit, the kernel, mail, QuickTime and Safari. The company has also released updates to protect users against attacks leveraging the SSL 3.0 flaw known as POODLE.

In addition to vulnerabilities, Apple also has to deal with the fact that its customers are increasingly targeted with malware. A good example is the recently uncovered WireLurker, a threat that targets both Mac OS X and iOS devices, and which may have already infected hundreds of thousands of devices.

Kvarnhammar has published a video demonstrating the rootpipe vulnerability which is embedded below.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.


Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.


Several vulnerabilities have been patched in OpenText’s enterprise content management (ECM) product.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.