Swedish hacker finds 'serious' vulnerability in OS X Yosemite

  • 31 October 2014
  • 2 replies
  • 1 view

Userlevel 7
Badge +54

A white-hat hacker from Sweden says he's found a serious security hole in Apple's Yosemite OS X that could allow an attacker to take control of your computer.

 
by Magnus Aschan , IDG News Service
 
A white-hat hacker from Sweden says he's found a serious security hole in Apple's Yosemite OS X that could allow an attacker to take control of your computer.
Emil Kvarnhammar, a hacker at Swedish security firm Truesec, calls the vulnerability "rootpipe" and has explained how he found it and how you can protect against it.
It's a so-called privilege escalation vulnerability, which means that even without a password an attacker could gain the highest level of access on a machine, known as root access. From there, the attacker has full control of the system.
It affects the newest OS X release, version 10.10, known as Yosemite. Apple hasn't fixed the flaw yet, he says, so Truesec won't provide details yet of how it works.
 
Full Article

2 replies

Userlevel 7
Badge +52
It looks like a serious security flaw was discovered in many versions of Apple’s OS X, including the recently launched Yosemite. There’s isn’t much info on how it works but Apple is reportedly trying to fix it already.

The news came via a Swedish hacker, who found the so called “rootpipe” vulnerability in older versions of Apple’s OS. He then discovered that with some small modifications the same exploit could be used on Yosemite.
 
 

 
Full Article
Userlevel 7
Badge +3
 When Apple released the latest version of Mac OS X Yosemite earlier this month, it claimed to have fixed a significant flaw, a backdoor named Rootpipe, that had been resident on its computers since 2011. But, due to some uncodified Apple policy on patching, anyone running an operating system below 10.10 remained vulnerable, leaving tens of millions with documented weaknesses in their PCs. And, according to researchers, Apple botched the patch anyway, so all Mac machines remain vulnerable to Rootpipe attacks. 
 
 http://www.forbes.com/sites/thomasbrewster/2015/04/19/apple-fails-to-patch-rootpipe/

Reply