Security researchers have discovered a criticial vulnerability in a number of Apple operating systems.
The flaw is said to affect Apple’s OS X Yosemite, but could also impact previous Mac operating systems as well.
The flaw has been labelled “Rootpipe” according to The Hacker News, and was discovered by Swedish Security researcher Emil Kvarnhammar, a consultant at IT security firm TrueSec.
Rootpipe reportedly gives hackers admin privileges on a compromised Mac. To make matters worse, the hackers can exploit the flaw to give themselves the highest admin level, known as root access.
Kvarnhammar has not revealed the full details of the Rootpipe flaw in an effort to give Apple time to ready a security patch. Apple has asked him to withhold the details until January 2015.
What we do know is that the Rootpipe flaw provides hackers with a backdoor into a machine that bypasses traditional safeguard mechanisms. Once in, hackers can install malware, steal data, and escalate their admin privileges
Kvarnhammar said that the flaw has been arround since at least 2012, and apparently affects Macs running OS X Yosemite, Mavericks, or Mountain Lion. He reportedly came across the flaw when he was preparing for security events to highlight flaws in Mac OS X.
In the meantime, Apple users running Yosemite OS X are advised to avoid running the Mac with an admin level account, as the hacker could have control of that account. Mac users are also advised to Apple’s FileVault tool to encrypted their data. Others more generic steps also include keeping the Mac OS X fully up-to-date and be cautious about hyperlinks and documents send to you.
There is a perception that Apple products are more secure than their Windows-based brethren, but in reality malware, vulnerabilities, and other security concerns can also affect Apple.
In July for example, Apple fixed a number of bugs and security flaws in an update to OS X Mavericks, and there have been many other flaws and vulnerabilities over the years as well.
That said, Apple does a good reputation when it comes to security, although it has been caught out previously, when it ignored warnings. For example Apple was criticised in 2012 by security researchers who claimed it did not react fast enough to kill off a prevalent malware strain, called Flashback.
What do you know about Internet security? Find out with our quiz!
OpenAI to create public benefit corporation in Delaware in effort to put it on even…
Italy's data regulator fines OpenAI 15m euros over lack of 'adequate legal basis' for data…
Suchir Balaji, who claimed OpenAI broke copyright law and threatened livelihood of content creators, found…
Japan Airlines says hours-long delay to dozens of flights caused by denial-of-service attack amidst New…
Probe finds ninth US telecommunications firm hacked by China-backed 'Salt Typhoon' hacking group, as companies…
Huawei's latest Mate 70 flagship smartphone range continues to use memory chips from South Korea's…