Mac OS X has a serious vulnerability that allows hackers root access to a compromised Apple machine
Security researchers have discovered a criticial vulnerability in a number of Apple operating systems.
The flaw is said to affect Apple’s OS X Yosemite, but could also impact previous Mac operating systems as well.
The flaw has been labelled “Rootpipe” according to The Hacker News, and was discovered by Swedish Security researcher Emil Kvarnhammar, a consultant at IT security firm TrueSec.
Rootpipe reportedly gives hackers admin privileges on a compromised Mac. To make matters worse, the hackers can exploit the flaw to give themselves the highest admin level, known as root access.
Kvarnhammar has not revealed the full details of the Rootpipe flaw in an effort to give Apple time to ready a security patch. Apple has asked him to withhold the details until January 2015.
“Details on the #rootpipe exploit will be presented, but not now. Let’s just give Apple some time to roll out a patch to affected users,” he tweeted.
What we do know is that the Rootpipe flaw provides hackers with a backdoor into a machine that bypasses traditional safeguard mechanisms. Once in, hackers can install malware, steal data, and escalate their admin privileges
Kvarnhammar said that the flaw has been arround since at least 2012, and apparently affects Macs running OS X Yosemite, Mavericks, or Mountain Lion. He reportedly came across the flaw when he was preparing for security events to highlight flaws in Mac OS X.
In the meantime, Apple users running Yosemite OS X are advised to avoid running the Mac with an admin level account, as the hacker could have control of that account. Mac users are also advised to Apple’s FileVault tool to encrypted their data. Others more generic steps also include keeping the Mac OS X fully up-to-date and be cautious about hyperlinks and documents send to you.
There is a perception that Apple products are more secure than their Windows-based brethren, but in reality malware, vulnerabilities, and other security concerns can also affect Apple.
That said, Apple does a good reputation when it comes to security, although it has been caught out previously, when it ignored warnings. For example Apple was criticised in 2012 by security researchers who claimed it did not react fast enough to kill off a prevalent malware strain, called Flashback.
What do you know about Internet security? Find out with our quiz!