• Home
  • News
  • OS X
  • ‘Rootpipe’ Vulnerability Still in OS X Yosemite 10.10.3, Says Former NSA Agent

‘Rootpipe’ Vulnerability Still in OS X Yosemite 10.10.3, Says Former NSA Agent

‘Rootpipe’ Vulnerability Still in OS X Yosemite 10.10.3, Says Former NSA Agent

Plenty of new on the security side of things today, as Forbes reports the “Rootpipe” vulnerability in OS X remains present, even though it was reportedly fixed in the recent OS X 10.10.3 update. Earlier today, we reported that an HTTPS vulnerability had left 1,500 iOS apps vulnerable to a man-in-the-middle attack.

'Rootpipe' Vulnerability in OS X Yosemite 10.10.3, Says Former NSA Agent

Forbes reports former NSA agent Patrick Wardle has discovered the Rootpipe flaw is still present on Macs running OS X 10.10.3, as well as older versions:

Apple put additional access controls to stop attacks, but Wardle’s code was still able to connect to the vulnerable service and start overwriting files on his Mac. “I was tempted to walk into the Apple store this [afternoon] and try it on the display models – but I stuck to testing it on my personal laptop (fully updated/patched) as well as my OS X 10.10.3 [virtual machine]. Both worked like a charm,” Wardle told FORBES over email. In a blog post, he’d said his exploit was “a novel, yet trivial way for any local user to re-abuse Rootpipe”.

Rootpipe, discovered last October, allows a hacker to create a hidden backdoor on a system, allowing root access to a computer after they gain local privileges. It should be noted that physical access to the Mac is required to exploit the vulnerability.

Apple has yet to comment on the Forbes report.

Apple most recently patched the “FREAK” security flaw in its systems. The FREAK flaw made everything from a Mac to an Apple TV vulnerable to having sensitive information stolen.

(Via MacRumors)

  1. explanation says:

    108482 343959Following study many with the content material inside your web web site now, and i also truly considerably like your way of blogging. I bookmarked it to my bookmark website list and are checking back soon. Pls take a appear at my internet page also and inform me how you feel. 809890

  2. opensea nft says:

    439126 208123Its hard to search out knowledgeable individuals on this subject, but you sound like you realize what you are speaking about! Thanks 248508

  3. 19올넷 says:

    96630 722227If running proves to be a dilemma then it may possibly be wise to find alternative exercises such as circuit training, weight training, swimming or cycling. 405744

  4. ftu-rank.com says:

    736876 285523It can be tough to write about this topic. I believe you did an superb job though! Thanks for this! 873787

  5. 869707 953499Be the precise weblog should you have wants to learn about this subject. You comprehend considerably its almost onerous to argue to you (not that I personally would needHaHa). You undoubtedly put a new spin for a subject thats been discussing for some time. Nice stuff, simply nice! 58296

Leave a Reply

Your email address will not be published.