Rootpipe: Major Security Vulnerability in Apple OS X Yosemite Won't be Patched until 2015
Apple has been made aware of a big security vulnerability in its OS X 10.10 (Yosemite) desktop operating system (OS) called Rootpipe which won't be patched until 2015.
The security flaw will allow hackers to gain root access to a computer running the latest version of Apple's desktop software.
The vulnerability was discovered by Swedish security researcher Emil Kvarnhammar who reported the issue to Apple, and after initially being ignored, was asked by the technology giant to withhold publishing details about Rootpipe until the company was able to publish a patch for the software.
Kvarnhammar did however tweet some information about the flaw.
Speaking to ZDNet, Kvarnhammar said: "The current agreement with Apple is to disclose all details in mid-January 2015. That might sound like a long wait, but, hey, time flies. It's important that they have time to patch, and that the patch is available for some time."
Speaking to TechWorld Sweden, Kvarnhammar gave some more details about the vulnerability:
"Normally there are 'sudo' password requirements, which work as a barrier, so the admin can't gain root access without entering the correct password - Rootpipe circumvents that."
Speculating about how consumers could protect themselves against a Rootpipe attack, security journalist Violet Blue of ZDNet offers this advice as a temporary workaround:
"Rootpipe access is through an admin account, which is of course what everyone has to have on a Mac - and it's what most people use for daily computer use. To clog Rootpipe, create a secondary admin account, one that you won't usage everyday. Then through the admin account, you'll want to remove admin permissions from the account you'll be using daily."
Apple has yet to comment publicly on the matter.
Kvarnhammer has posted a video showing his initial findings which you can see below.
© Copyright IBTimes 2024. All rights reserved.