Rootpipe exploit still an issue in Mac OS X, security expert finds

Patrick Wardle, a former NSA staffer, has revealed that Apple may have botched a patch of a significant vulnerability known as Rootpipe. Security software engineer Emil Kvarnhammar claimed in a blog post on April 9 that Apple had originally resolved the issue with the release of OS X 10.10.3. Now, Wardle has discovered that all Mac machines are still prone to attack, according to Forbes.

Apple initially learned of Rootpipe in October 2014, and planned for a fix by January 2015. In short, Rootpipe allows an attacker who has local access to a Mac product to achieve root privileges. This gives him or her full control of the machine without the need for additional authentication.

“I found a novel, yet trivial way for any local user to re-abuse Rootpipe — even on a fully patched OS X 10.10.3 system,” Wardle wrote in his own blog piece, posted on April 18. “In the spirit of responsible disclosure, (at this time), I won’t be providing the technical details of the attack (besides of course to Apple). However, I felt that in the meantime, OS X users should be aware of the risk.”

In an email to Forbes, Wardle went on to say that he was tempted to walk into an Apple store and try to exploit the issue on a display model. In the end, he did not do so, but wants to get the word out about the issue.

The Apple update that addressed the Rootpipe vulnerability claimed that Macs would now have “improved entitlement checking.” When it was released on April 8, the company was widely criticized for only providing a patch for newer editions of its Yosemite operating system.

Apple has been on the hot seat as of late for its security vulnerabilities. German researcher Stefan Esser made waves with his reporting at the SyScan conference, highlighting Apple’s iOS vulnerabilities.

Krystle Vermes
Former Digital Trends Contributor