[dba-Tech] Your Apple's Mac computer is vulnerable to a serious privilege escalation flaw even if you are running the latest version of Mac OS X.

John R Bartow jbartow at winhaven.net
Tue Apr 21 10:50:30 CDT 2015


Apple Failed to Patch Rootpipe Mac OS X Yosemite Vulnerability
Sad but True! Your Apple's Mac computer is vulnerable to a serious privilege
escalation flaw, dubbed "RootPipe," even if you are running the latest
version of Mac OS X.

What's RootPipe?
Back in October 2014, a Swedish White Hat hacker Emil Kvarnhammar claimed to
have discovered a critical privilege escalation vulnerability, he dubbed the
backdoor as "RootPipe," in some versions of Mac OS X including the then
newest version 10.10 Yosemite.
The vulnerability (CVE-2015-1130) could allow an attacker to take full
control of your desktop Mac computer or MacBook laptop, even without any
authentication.
Keeping in mind the devastating effect of the RootPipe vulnerability, the
researcher privately reported the flaw to Apple and did not disclose the
details of the flaw publicly until the company released a patch to fix it.

Apple did release an update but failed to patch RootPipe:
Earlier this month, Apple released the latest version of Mac OS X Yosemite,
i.e. OS X Yosemite 10.10.3, and claimed to have fixed the so-called Rootpipe
backdoor, which had been residing on Mac computers since 2011.
However, the company did not fix the flaw in the older versions (below
10.10) of the operating system due to uncodified Apple policy on patching,
leaving tens of millions of Mac users at risk.
"Apple indicated that this issue required a substantial amount of changes on
their side and that they would not backport the fix to 10.9.x and older,"
Kvarnhammar said in a blog post on the TrueSec website.

But here's the worse part:
Apple's RootPipe vulnerability patch for Mac OS X Yosemite 10.10.3 is
claimed to be itself vulnerable, which again left all the Mac machines
vulnerable to the RootPipe attacks.
Holy Crap!

Patrick Wardle, an ex-NSA staffer and current director of R&D at Synack,
claimed to have discovered.
...a new way around Apple's security fix to reabuse the Rootpipe
vulnerability, again opening path to the highest privilege level - root
access.
Though this time, the attack requires a hacker to have gained local
privileges, which could most likely be obtained via a working exploit of
other software sitting on Mac machines.
Wardle has already reported his findings to the Apple's security team and
would not disclose the details of his attack code public before the company
will not issue a complete and unbreakable fix.
Now, let's just hope to get a tough fix for Rootpipe backdoor this time from
Apple. Last time the company took nearly six months to release a patch that
was fooled by Wardle sitting on a flight.



More information about the dba-Tech mailing list