Categories: MacSecurityWorkspace

Apple Mac OS Has Critical ‘Rootpipe’ Vulnerability, Warns Researcher

Security researchers have discovered a criticial vulnerability in a number of Apple operating systems.

The flaw is said to affect Apple’s OS X Yosemite, but could also impact previous Mac operating systems as well.

Rootpipe Flaw

The flaw has been labelled “Rootpipe” according to The Hacker News, and was discovered by Swedish Security researcher Emil Kvarnhammar, a consultant at IT security firm TrueSec.

Rootpipe reportedly gives hackers admin privileges on a compromised Mac. To make matters worse, the hackers can exploit the flaw to give themselves the highest admin level, known as root access.

Kvarnhammar has not revealed the full details of the Rootpipe flaw in an effort to give Apple time to ready a security patch. Apple has asked him to withhold the details until January 2015.

“Details on the #rootpipe exploit will be presented, but not now. Let’s just give Apple some time to roll out a patch to affected users,” he tweeted.

What we do know is that the Rootpipe flaw provides hackers with a backdoor into a machine that bypasses traditional safeguard mechanisms. Once in, hackers can install malware, steal data, and escalate their admin privileges

Kvarnhammar said that the flaw has been arround since at least 2012, and apparently affects Macs running OS X Yosemite, Mavericks, or Mountain Lion. He reportedly came across the flaw when he was preparing for security events to highlight flaws in Mac OS X.

In the meantime, Apple users running Yosemite OS X are advised to avoid running the Mac with an admin level account, as the hacker could have control of that account. Mac users are also advised to Apple’s FileVault tool to encrypted their data. Others more generic steps also include keeping the Mac OS X fully up-to-date and be cautious about hyperlinks and documents send to you.

Apple Flaws

There is a perception that Apple products are more secure than their Windows-based brethren, but in reality malware, vulnerabilities, and other security concerns can also affect Apple.

In July for example, Apple fixed a number of bugs and security flaws in an update to OS X Mavericks, and there have been many other flaws and vulnerabilities over the years as well.

That said, Apple does a good reputation when it comes to security, although it has been caught out previously, when it ignored warnings. For example Apple was criticised in 2012 by security researchers who claimed it did not react fast enough to kill off a prevalent malware strain, called Flashback.

What do you know about Internet security? Find out with our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

OpenAI Gives Details On For-Profit Shift

OpenAI to create public benefit corporation in Delaware in effort to put it on even…

9 hours ago

Italy Fines OpenAI 15m Euros Over Data Collection

Italy's data regulator fines OpenAI 15m euros over lack of 'adequate legal basis' for data…

10 hours ago

Former OpenAI Engineer, Whistleblower Passes Away At 26

Suchir Balaji, who claimed OpenAI broke copyright law and threatened livelihood of content creators, found…

10 hours ago

Japan Airlines Flights Delayed By Cyber-Attack

Japan Airlines says hours-long delay to dozens of flights caused by denial-of-service attack amidst New…

11 hours ago

Ninth Telecoms Firm Hacked By China

Probe finds ninth US telecommunications firm hacked by China-backed 'Salt Typhoon' hacking group, as companies…

11 hours ago

Huawei’s Latest Premium Phones Use South Korean Memory Chips

Huawei's latest Mate 70 flagship smartphone range continues to use memory chips from South Korea's…

12 hours ago