Rootpipe - Escalation Vulnerability Discovered in Earlier Versions of OS X and Yosemite - How to, Technology and PC Security Forum | SensorsTechForum.com
CYBER NEWS

Rootpipe – Escalation Vulnerability Discovered in Earlier Versions of OS X and Yosemite

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

Security researchers warn that an unpatched flaw in some of the earlier versions of OS X and Yosemite lets criminals take over the compromised machine.

The escalation vulnerability dubbed Rootpipe allows the hackers to gain root access to the affected computer without entering the sudo password first. Sudo is created to block file deletion, code execution or any other delicate operation by unauthorized users on the particular PC.

Emil Kvarnhammar, a researcher with Trusec who discovered the flaw, explains that “sudo” requires a password which purpose is to stop the admin from gaining root access to the computer if he does not enter the correct password. The expert has performed binary analysis for a few days before finding the vulnerability.
Rootpipe Vulnerability in Earlier Versions of OS X and Yosemite
Rootpipe is reportedly present in the following versions:

  • 10.10, aka Yosemite
  • 10.8.5

The available information so far is quite limited, but experts have not found any indication that the flaw can be exploited remotely. If this turns out to be true, the bug can be of use only to people who can physically access the compromised machine. In this case, the bug shouldn’t be considered that dangerous, but still needs to be fixed. Users looking for a temporary solution of the problem are advised to use “standard” instead of “admin” rights.

Avatar

Berta Bilbao

Berta is a dedicated malware researcher, dreaming for a more secure cyber space. Her fascination with IT security began a few years ago when a malware locked her out of her own computer.

More Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...