Jump to content

Apple still isn't protecting OS X Yosemite users from Rootpipe

sincity

By sincity
in Technology

 Share

Recommended Posts

sincity Rookie

sincity

Posted
Posted
Apple still isn't protecting OS X Yosemite users from Rootpipe

Apple has failed to plug a significant security flaw in OS X Yosemite that leaves all Macs running the OS open to a vulnerability that can take over the whole machine.

First reported by Forbes, Patrick Wardle, a former NSA staffer who is now head of research at Synack, claims that he wrote code able to exploit the vulnerability despite Apple's latest version of Yosemite that was supposed to have prevented it.

The Rootpipe vulnerability allows hackers to ramp up a user's privileges to then make it more simple to take over an entire machine or alternatively spread malware across the whole system.

Wardle discovered that the extra access controls put in place by Apple in the latest update issued this month can still be bypassed and the former NSA staffer was able to connect to the vulnerable service before starting to overwrite files on his Mac.

"I was tempted to walk into the Apple store this [afternoon] and try it on the display models – but I stuck to testing it on my personal laptop (fully updated/patched) as well as my OS X 10.10.3 [virtual machine]. Both worked like a charm," Wardle jokingly added.

When do we get our fix?

The attack code, which Wardle would not reveal, has been passed on to Apple in the hope that it comes up with a fix for the bug that cannot be bypassed, however, that could take some time if its history with Rootpipe is taken into account.

Apple was first informed of the Rootpipe back door in October 2014 and, even though it planned to issue a fix in January, the update didn't actually arrive until April and as we've seen it doesn't seem to have done the job.

mf.gif


rc.img
rc.img
rc.img

a2.imga2t.img5vYq7vzTk78
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

About Us

We are glad you decided to stop by our website and servers. At Fearless Assassins Gaming Community (=F|A=) we strive to bring you the best gaming experience possible. With helpful admins, custom maps and good server regulars your gaming experience should be grand! We love to have fun by playing online games especially W:ET, Call of Duty Series, Counter Strike: Series, Minecraft, Insurgency, DOI, Sandstorm, RUST, Team Fortress Series & Battlefield Series and if you like to do same then join us! Here, you can make worldwide friends while enjoying the game. Anyone from any race and country speaking any language can join our Discord and gaming servers. We have clan members from US, Canada, Europe, Sri Lanka, India, Japan, Australia, Brazil, UK, Austria, Poland, Finland, Turkey, Russia, Germany and many other countries. It doesn't matter how much good you are in the game or how much good English you speak. We believe in making new friends from all over the world. If you want to have fun and want to make new friends join up our gaming servers and our VoIP servers any day and at any time. At =F|A= we are all players first and then admins when someone needs our help or support on server.

Player Gaming Stats for =F|A= Servers.

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept