Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Endpoint Security

Mac OS X Affected by Critical “Rootpipe” Privilege Escalation Vulnerability

The latest version of Apple’s Mac operating system, OS X 10.10 Yosemite, is plagued by a critical vulnerability that can be exploited to take over affected devices, a researcher has revealed.

The latest version of Apple’s Mac operating system, OS X 10.10 Yosemite, is plagued by a critical vulnerability that can be exploited to take over affected devices, a researcher has revealed.

Emil Kvarnhammar, a security software engineer working for Sweden-based TrueSec, has uncovered a flaw that allows an attacker to escalate privileges from admin to root.

The vulnerability, which has been dubbed “rootpipe,” affects the 10.10, 10.9 and 10.8 versions of OS X. The expert believes older versions are also likely affected, but he hasn’t conducted any tests to confirm it.

“Normally sudo and system preferences require the user to explicitly enter an admin password to run as root. This is circumvented with rootpipe,” Kvarnhammar told SecurityWeek.

“To exploit, an attacker would need access to execute code on a target system. Either through physical access, or by combining with another vulnerability (code execution in browser, java, pdf etc.),” he added.

Apple was notified of the vulnerability’s existence on October 3, but it’s uncertain when it will address the issue. The researcher said he initially wanted to disclose the details of the vulnerability in mid-December, but Apple asked for more time so full disclosure is currently planed for mid-January.

Until Apple rolls out a fix for rootpipe, Kvarnhammar advises users to protect themselves against potential attacks by utilizing accounts with “standard” privileges, instead of ones with administrator rights. However, the researcher has pointed out that, unfortunately, most users have administrator accounts, which are created by default when the operating system is set up.

In October, Apple released security updates to address several vulnerabilities affecting the company’s products. With the release of OS X Yosemite, Apple fixed more than 40 security holes in components such as the application sandbox, Bluetooth, IOKit, the kernel, mail, QuickTime and Safari. The company has also released updates to protect users against attacks leveraging the SSL 3.0 flaw known as POODLE.

Advertisement. Scroll to continue reading.

In addition to vulnerabilities, Apple also has to deal with the fact that its customers are increasingly targeted with malware. A good example is the recently uncovered WireLurker, a threat that targets both Mac OS X and iOS devices, and which may have already infected hundreds of thousands of devices.

Kvarnhammar has published a video demonstrating the rootpipe vulnerability which is embedded below.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Cloud security giant Wiz has named Fazal Merchant as President and Chief Financial Officer.

Cybersecurity and data protection company Acronis has appointed Gerald Beuchelt as CISO.

Adam Zoller has joined CrowdStrike as Chief Information Security Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.