Plenty of new on the security side of things today, as Forbes reports the “Rootpipe” vulnerability in OS X remains present, even though it was reportedly fixed in the recent OS X 10.10.3 update. Earlier today, we reported that an HTTPS vulnerability had left 1,500 iOS apps vulnerable to a man-in-the-middle attack.
Forbes reports former NSA agent Patrick Wardle has discovered the Rootpipe flaw is still present on Macs running OS X 10.10.3, as well as older versions:
Apple put additional access controls to stop attacks, but Wardle’s code was still able to connect to the vulnerable service and start overwriting files on his Mac. “I was tempted to walk into the Apple store this [afternoon] and try it on the display models – but I stuck to testing it on my personal laptop (fully updated/patched) as well as my OS X 10.10.3 [virtual machine]. Both worked like a charm,” Wardle told FORBES over email. In a blog post, he’d said his exploit was “a novel, yet trivial way for any local user to re-abuse Rootpipe”.
Rootpipe, discovered last October, allows a hacker to create a hidden backdoor on a system, allowing root access to a computer after they gain local privileges. It should be noted that physical access to the Mac is required to exploit the vulnerability.
Apple has yet to comment on the Forbes report.