Rootpipe critical security flaw in Mac OS X Yosemite
Swedish security researcher Emil Kvarnhammar of Truesec has discovered a critical vulnerability in Apple's Mac OS X 10.10 Yosemite, dubbed "Rootpipe". With this vulnerability, an attacker can escalate administrative privileges on an infected computer and gain root access.

Once an attacker has exploited this bug on a compromised machine, he can install malicious software, steal sensitive information or make changes to the system without needing a password.

"It all started when I was preparing for two security events, one in Stockholm and one in Malmö," Emil says. "I wanted to show a flaw in Mac OS X, but relatively few have been published. There are few 'proof-of-concepts' online, but the latest I found affected the older 10.8.5 version of OS X. I couldn't find anything similar for 10.9 or 10.10."

He tested the vulnerability on versions 10.8, 10.9 and 10.10 of OS X. He also said that the vulnerability has existed since 2012.

Mac users keep their systems more up to date than Windows users, Emil says, and he wanted to find a vulnerability that would affect current users of OS X.

"I started looking at admin operations and found a way to create a shell with root privileges. It took a few days of binary analysis to find the flaw, and I was pretty surprised when I found it," Emil said.

Apple's Response

Emil has already informed Apple about this vulnerability. Apple asked him for more details about the bug and asked him not to disclose it until January 2015.

"The current agreement with Apple is to disclose all details in mid-January 2015. This might sound like a long wait, but hey, time flies. It's important that they have time to patch, and that the patch is not available for some time," Emil said.

Emil also uploaded a demo video of this vulnerability.

