Posted on 04/22/2015 12:15:54 AM PDT by Swordmaker
OS X Yosemite still open to Rootpipe hijacking, says ex-NSA bod
Apple's attempt to fix a serious security weakness in OS X has fallen short, leaving users still vulnerable to malware seizing their Macs, it is claimed.
Patrick Wardle, director of research at Synack, reckons Cupertino has not been able to fully kill off the so-called "Rootpipe" backdoor that was supposed to be eradicated in last week's OS X Yosemite 10.10.3 update. Apple has refused to address the vulnerability in older versions of OS X, such as version 10.9.x.
The Rootpipe vulnerability, present in OS X since at least 2011, allows software to gain administrator-level privileges without permission. It means innocent-looking applications can log keypresses and cause havoc on the machine, and malware exploiting the hole is apparently in the wild.
Writing on his personal Objective-See blog over the weekend, Wardle says he has written some proof-of-concept code in Python to exploit parts of the Rootpipe bug lingering in OS X 10.10.3, and has published a video of it in action: it appears to show him, as a normal user, adding read access rights to a previously inaccessible root-owned file.
(See video at source)
Wardle, an ex-NSA staffer and former NASA intern, declined to give any further details on the hack pending a fix from Apple; he says he has privately disclosed the bug to the iGiant.
The backdoor was reported in October 2014 by Emil Kvarnhammar. Authentication checks are missing in the part of the operating system that handles configuration settings for the computer, which can be exploited to escalate privileges.
"On my flight back from presenting at Infiltrate (amazing conference, by the way), I found a novel yet trivial way for any local user to re-abuse Rootpipe, even on a fully patched OS X 10.10.3 system," Wardle wrote on his blog.
"In the spirit of responsible disclosure, at this time, I won't be providing the technical details of the attack, besides of course to Apple. However, I felt that in the meantime, OS X users should be aware of the risk."
If you want on or off the Mac Ping List, Freepmail me.
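The article describes the flaw only at the level of "authentication checks are missing in the part of the operating system that handles configuration settings", and the video as a normal user widening access to a root-owned file. The following added example, which is not Apple's code, Wardle's proof of concept, or anything from the article, models that class of bug in a few lines of Python: a hypothetical root-level configuration helper that performs a privileged permission change for any caller, beside a hardened variant that first verifies the caller's authorisation. The helper classes, the HMAC-based admin token, the in-memory filesystem and the uids are all constructed for illustration.

```python
"""Hypothetical model of a privileged configuration helper (constructed example).

A helper running as root accepts "change this file's mode" requests from
unprivileged clients. VulnerableHelper trusts every request it receives,
the missing-check pattern the article describes; HardenedHelper requires
the caller to be root, to own the file, or to present a valid admin
authorisation token before it acts. Nothing here touches the real disk.
"""
from dataclasses import dataclass, field
import hashlib
import hmac

# Constructed in-memory "filesystem": path -> (owner uid, mode bits).
ROOT_CONF = "/etc/secret.conf"          # root-owned, not world-readable
USER_FILE = "/home/alice/notes"         # owned by uid 501


@dataclass
class FakeFS:
    files: dict = field(default_factory=lambda: {
        ROOT_CONF: (0, 0o600),
        USER_FILE: (501, 0o644),
    })


@dataclass
class Request:
    caller_uid: int
    path: str
    new_mode: int
    auth_token: bytes = b""   # opaque credential supplied by the caller, if any


class VulnerableHelper:
    """Runs as root and performs the action for any caller: no authorisation check."""

    def __init__(self, fs: FakeFS):
        self.fs = fs

    def set_mode(self, req: Request) -> bool:
        owner, _ = self.fs.files[req.path]
        self.fs.files[req.path] = (owner, req.new_mode)
        return True


class HardenedHelper:
    """Same interface, but verifies the caller's authorisation before acting."""

    def __init__(self, fs: FakeFS, secret: bytes):
        self.fs = fs
        self.secret = secret   # hypothetical key shared with the authentication service

    def issue_admin_token(self, uid: int) -> bytes:
        # Stands in for the credential an auth service would hand out only after
        # an administrator has actually authenticated (e.g. a password prompt).
        return hmac.new(self.secret, f"{uid}:admin".encode(), hashlib.sha256).digest()

    def authorised(self, req: Request) -> bool:
        if req.caller_uid == 0:
            return True                                   # root may do anything
        owner, _ = self.fs.files[req.path]
        if owner == req.caller_uid:
            return True                                   # users may change their own files
        expected = self.issue_admin_token(req.caller_uid)
        return hmac.compare_digest(expected, req.auth_token)   # constant-time check

    def set_mode(self, req: Request) -> bool:
        if not self.authorised(req):
            return False                                  # refuse, leave the file untouched
        owner, _ = self.fs.files[req.path]
        self.fs.files[req.path] = (owner, req.new_mode)
        return True


def demo() -> dict:
    """Run the same unprivileged request against both helpers and report outcomes."""
    results = {}

    # Unprivileged uid 501 asks to make the root-owned config world-readable.
    fs = FakeFS()
    escalate = Request(caller_uid=501, path=ROOT_CONF, new_mode=0o644)
    results["vulnerable_accepted"] = VulnerableHelper(fs).set_mode(escalate)
    results["vulnerable_mode"] = fs.files[ROOT_CONF][1]   # 0o644: escalation succeeded

    fs = FakeFS()
    hardened = HardenedHelper(fs, secret=b"constructed-demo-secret")
    results["hardened_no_token"] = hardened.set_mode(escalate)
    forged = Request(501, ROOT_CONF, 0o644, auth_token=b"\x00" * 32)
    results["hardened_forged_token"] = hardened.set_mode(forged)
    results["hardened_mode_after_rejects"] = fs.files[ROOT_CONF][1]   # still 0o600

    own_file = Request(caller_uid=501, path=USER_FILE, new_mode=0o600)
    results["hardened_own_file"] = hardened.set_mode(own_file)

    granted = Request(501, ROOT_CONF, 0o644, auth_token=hardened.issue_admin_token(501))
    results["hardened_valid_token"] = hardened.set_mode(granted)
    results["hardened_mode_after_grant"] = fs.files[ROOT_CONF][1]   # 0o644 only after authorisation
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value if isinstance(value, bool) else oct(value)}")
```

The point of the contrast is that the privileged action itself is identical in both helpers; what separates a backdoor from a service is whether the helper decides, on its own, who is allowed to ask. The hardened variant also fails closed: a rejected request leaves the file's mode exactly as it was, which is the behaviour a defender would verify when testing a fix like the one the article discusses.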
Demanded by nsa, most likely, not to be fixed.
Thanks for the heads up
Self ping to read later.
I downloaded the patch last Friday, and it BORKED my Admin account, and couldn’t reboot. Was perfect before. Had to return it to Buy Best and have the Geek squad restore my computer. I wonder what the hell happened, now I wonder if this was any part of it.
No biggie, just a hundred miles each direction, twice. I’ve got nutting’ but time to waste.
Wow... This is the really bad part of the article. “Apple has refused to address the vulnerability in older versions of OS X, such as version 10.9.x.”
Come on Apple fix your crap!
Rootpipe attack sounds like something the current CEO might actually enjoy!
Lmao!!! Maybe that’s why he won’t fix it in previous versions of osx and why it’s not fully fixed in the current version. He just can’t wait that rootpipe.
Quit not wait (dang autocorrect)
No surprise here, for-q-clinton (is your name a public announcement of your secret passions?), to again throw the homosexual garbage into a thread with no constructive contribution to the discussion.
Huh? I replied to someone else saying it first. Sorry I found it funny. Your love for Apple has stopped your sense of humor or are you always uptight?
Odd sense of humor you have there... Has nothing to do with my supposed "love for Apple". It has everything to do with being sick and tired of flames and puke being spewed about Apple and faggots... your participation just further inflamed that frustration. The homo agenda gets enough attention without folks using it to insult the intelligence of the rest of us.
So you like the rootpipe?