Rootpipe — Critical Mac OS X Yosemite Vulnerability Allows Root Access Without Password
A Swedish Security researcher has discovered a critical vulnerability in Apple’s OS X Yosemite that gives hackers the ability to escalate administrative privileges on a compromised machine, and allows them to gain the highest level of access on a machine, known as root access.
The vulnerability, dubbed as "Rootpipe", was uncovered by Swedish white-hat hacker Emil Kvarnhammar, who is holding on the full details about the privilege escalation bug until January 2015, as Apple needs some time to prepare a security patch.
"Details on the #rootpipe exploit will be presented, but not now. Let's just give Apple some time to roll out a patch to affected users," Emil Kvarnhammar, IT specialist and hacker security company Truesec, tweeted from his twitter account.
By exploiting the vulnerability in the Mac OS X Yosemite, an attacker could bypass the usual safeguard mechanisms which are supposed to stop anyone who tries to root the operating system through a temporary backdoor.
ROOT ACCESS WITHOUT PASSWORD
Once exploited, hackers could install malicious software or make other changes to your computer without any need of a password.
Hackers could steal victims’ sensitive information such as passwords or bank account information, or if required, they could format the entire affected computer, deleting all your important data from the computer.
Kvarnhammar has also provided a video to explain his initial finding.
“It all started when I was preparing for two security events, one in Stockholm and one in Malmö,” Kvarnhammar says. “I wanted to show a flaw in Mac OS X, but relatively few have been published. There are a few ‘proof of concepts’ online, but the latest I found affected the older 10.8.5 version of OS X. I couldn’t find anything similar for 10.9 or 10.10.”
Kvarnhammar tested the vulnerability on OS X version 10.8, 10.9 and 10.10. He has confirmed that it has existed since at least 2012, but probably is much older than that.
Kvarnhammar contacted Apple about the issue but he initially didn’t get any response, and Apple silently asked him for more details. When he provided with the details, Apple asked TrueSec not to disclose until next January.
Kvarnhammar said, "The current agreement with Apple is to disclose all details in mid-January 2015. This might sound like a long wait, but hey, time flies. It's important that they have time to patch, and that the patch is available for some time."
HOW TO PROTECT
The full disclosure of the vulnerability would be made public in January, after Apple will provide a fix. Apple Yosemite OS X users are advised to follow the below steps in order to protect yourself from the exploitation of the Rootpipe:
Avoid running the system on a daily basis with an admin account. An attacker that will gain control on this account will obtain anyway limited privileges.
Use volume encryption Apple’s FileVault tool, which allows encryption and decryption on the fly, protecting your information always.
However, the best way to protect yourself from such security vulnerabilities is to ensure that the operating system running on your system is always up-to-date, and always be careful to the links and documents others send to you.