Skip to main content

Rootpipe exploit still an issue in Mac OS X, security expert finds

Patrick Wardle, a former NSA staffer, has revealed that Apple may have botched a patch of a significant vulnerability known as Rootpipe. Security Software Engineer Emil Kvarnhammar claimed in a blog post on April 9 that Apple had originally resolved the issue with the release of OS X 10.10.3. Now, Wardle has discovered that all Mac machines are still prone to attack, according to Forbes.

Apple initially learned of Rootpipe in October 2014, and planned for a fix by January 2015. In short, Rootpipe allows an attacker who has local access to a Mac product to achieve root privileges. This gives him or her full control of the machine without the need for additional authentication.

Recommended Videos

“I found a novel, yet trivial way for any local user to re-abuse Rootpipe — even on a fully patched OS X 10.10.3 system,” Wardle wrote in his own blog piece, posted on April 18. “In the spirit of responsible disclosure, (at this time), I won’t be providing the technical details of the attack (besides of course to Apple). However, I felt that in the meantime, OS X users should be aware of the risk.”

In an email to Forbes, Wardle went on to say that he was tempted to walk into an Apple store and try to exploit the issue on a display model. In the end, he did not do so, but wants to get the word out about the issue.

The Apple update that addressed the Rootpipe vulnerability claimed that Macs would now have “improved entitlement checking.” When it was released on April 8, the company was widely criticized for only providing a patch for newer editions of its Yosemite operating system.

Apple has been on the hot seat as of late for its security vulnerabilities. German Researcher Stefan Esser made waves with his reporting at the Syscan Conference, highlighting Apple’s iOS vulnerabilities.

Krystle Vermes
Former Digital Trends Contributor
Krystle Vermes is a professional writer, blogger and podcaster with a background in both online and print journalism. Her…
Copilot is Microsoft’s cue to redeem Windows and edge past macOS
The new Surface Laptop 13 on a white table.

There is always going to be a big divide between macOS and Windows. Much of it has to do with the functional disparities that are deeply ingrained at an OS-level. Or if you dive into the heated community debates, you will see it broadly as a battle between seamlessness and flexibility. 

Gaming remains the guiding star for Windows adherents. A handful of highly specialized niche industry tools also remain locked to the Microsoft platform. On the other hand, macOS fans swear by the fluid software, plenty of firepower options in the M-series silicon era, and fantastic hardware. 

Read more
WWDC may not deliver the macOS magic I’d love to see. Here’s why
macOS Sequoia being introduced by Apple's Craig Federighi at the Worldwide Developers Conference (WWDC) 2024.

Apple’s Worldwide Developers Conference (WWDC) is just two months away, and that means I’m starting to look forward to what could be coming to the Mac at Apple’s big summer show. The problem is that every time I think about WWDC 2025, I can’t shake one feeling: that Apple Intelligence is going to dominate everything at the event.To be fair, I don’t think Apple can do things any other way. As I’ve written about before, this year’s WWDC is make or break for Apple Intelligence. Apple has to not only make sure that its artificial intelligence (AI) platform catches up with rivals like ChatGPT and Google Gemini, but that it actually offers a service that can outdo its competitors in some ways. It needs to convince the public that Apple Intelligence is a worthy contender for their AI needs.And if Apple gets it right, then Apple Intelligence might finally become the system it was always meant to be, with a revamped Siri that possesses incredible contextual awareness and useful additions to key Mac apps that help you in your everyday life.But while I’m really hoping that Apple Intelligence gets the shake-up it so clearly needs, I don’t want the likes of macOS 16 and iOS 19 to miss out as a result. After all, these are the core aspects of Apple fans’ favorite devices. Without meaningful upgrades here, we’re all going to be a little worse off.

Déjà vu

Read more
Assassin’s Creed Shadows is now on Mac, but some big games are still missing
Yasuke and Naoe in fighting stances in Assassin's Creed Shadows.

Assassin’s Creed Shadows has launched on Mac, PC and consoles, and while we gave it something of a mixed grade in our review, I find it a lot more interesting as a Mac gamer than someone else might.

What’s notable from a Mac gamer’s perspective is not only that a genuinely AAA game has come to the Mac, but also that it has launched on Mac at the same time as Windows. That doesn’t happen very often, and Mac gamers are used to waiting years before a title makes it to their side of the divide.

Read more