Rootpipe – Vulnerabilidade escalada descobertos nas versões anteriores do OS X e Yosemite

Security researchers warn that an unpatched flaw in some of the earlier versions of OS X and Yosemite lets criminals take over the compromised machine.

The escalation vulnerability dubbed Rootpipe allows the hackers to gain root access to the affected computer without entering the sudo password first. Sudo is created to block file deletion, code execution or any other delicate operation by unauthorized users on the particular PC.

Emil Kvarnhammar, a researcher with Trusec who discovered the flaw, explains that “sudo” requires a password which purpose is to stop the admin from gaining root access to the computer if he does not enter the correct password. The expert has performed binary analysis for a few days before finding the vulnerability.
Vulnerabilidade Rootpipe em versões anteriores do OS X e Yosemite
Rootpipe is reportedly present in the following versions:

  • 10.10, aka Yosemite
  • 10.8.5

The available information so far is quite limited, but experts have not found any indication that the flaw can be exploited remotely. If this turns out to be true, the bug can be of use only to people who can physically access the compromised machine. Nesse caso, the bug shouldn’t be considered that dangerous, but still needs to be fixed. Users looking for a temporary solution of the problem are advised to use “standard” instead of “admin” rights.


Berta Bilbao

Berta é um pesquisador de malware dedicado, sonhando para um espaço cibernético mais seguro. Seu fascínio com a segurança de TI começou há alguns anos atrás, quando um malware bloqueado la fora de seu próprio computador.

mais Posts

Deixe um comentário

seu endereço de e-mail não será publicado. Campos obrigatórios são marcados *

limite de tempo está esgotado. Recarregue CAPTCHA.

Compartilhar no Facebook Compartilhar
Compartilhar no Twitter chilrear
Compartilhar no Google Plus Compartilhar
Partilhar no Linkedin Compartilhar
Compartilhar no Digg Compartilhar
Compartilhar no Reddit Compartilhar
Partilhar no StumbleUpon Compartilhar