Skip to main content

Rootpipe exploit still an issue in Mac OS X, security expert finds

Apple iMac 2014 bottom screen
Image used with permission by copyright holder
Patrick Wardle, a former NSA staffer, has revealed that Apple may have botched a patch of a significant vulnerability known as Rootpipe. Security Software Engineer Emil Kvarnhammar claimed in a blog post on April 9 that Apple had originally resolved the issue with the release of OS X 10.10.3. Now, Wardle has discovered that all Mac machines are still prone to attack, according to Forbes.

Apple initially learned of Rootpipe in October 2014, and planned for a fix by January 2015. In short, Rootpipe allows an attacker who has local access to a Mac product to achieve root privileges. This gives him or her full control of the machine without the need for additional authentication.

Recommended Videos

“I found a novel, yet trivial way for any local user to re-abuse Rootpipe — even on a fully patched OS X 10.10.3 system,” Wardle wrote in his own blog piece, posted on April 18. “In the spirit of responsible disclosure, (at this time), I won’t be providing the technical details of the attack (besides of course to Apple). However, I felt that in the meantime, OS X users should be aware of the risk.”

Please enable Javascript to view this content

In an email to Forbes, Wardle went on to say that he was tempted to walk into an Apple store and try to exploit the issue on a display model. In the end, he did not do so, but wants to get the word out about the issue.

The Apple update that addressed the Rootpipe vulnerability claimed that Macs would now have “improved entitlement checking.” When it was released on April 8, the company was widely criticized for only providing a patch for newer editions of its Yosemite operating system.

Apple has been on the hot seat as of late for its security vulnerabilities. German Researcher Stefan Esser made waves with his reporting at the Syscan Conference, highlighting Apple’s iOS vulnerabilities.

Krystle Vermes
Former Digital Trends Contributor
Krystle Vermes is a professional writer, blogger and podcaster with a background in both online and print journalism. Her…
I’d never use a Mac without first changing these 8 security settings
Security and Privacy settings open on a MacBook.

If you’ve got one of the best MacBooks or Macs, the chances are good that you do an awful lot of sensitive stuff on your computer. Think about all the passwords you enter, the emails you send and receive, and the documents you create -- all of those can provide a treasure trove of data to any sticky-fingered ne’er-do-wells who manage to gain access to your device.

To prevent the worst from happening, it’s a good idea to beef up your Mac security. The good news is that doing so is far easier than you might think, and there are a handful of macOS settings you can change right now to keep your Mac -- and all the information it holds about you -- safe from prying eyes.

Read more
The MacBook that Windows laptops still can’t beat
The keyboard of the MacBook Air.

Windows laptops have had a great year so far. Not only did we get the launch of Snapdragon X chips as part of the Copilot+ PC line to compete with the MacBook Air, but the recent AMD Ryzen 300 AI chips are also impressive, with powerful laptops like the Zenbook S 16 taking on the MacBook Pro.

More and more, Windows laptops aren't just looking like sufficient alternatives to MacBooks -- they have some serious staying power as some of the best laptops you can buy.

Read more
People are arguing about this classic macOS feature, and it’s hilarious
A man sitting at a desk in front of an M1 iMac. Behind him is a large glass window and a set of shelves holding books, plants and ornaments.

Moving from Windows to Mac can be confusing. Long ago, I was a lifelong Windows user before I tried my first Mac, and many of the changes were jarring and confusing. It’s often not the biggest differences that give you pause, either -- it’s the hundreds of tiny discrepancies that are just dissimilar enough to befuddle the heck out of you.

For me, one of the most perplexing changes was how much working with apps in macOS differed from Windows. “You mean I don’t need a wizard to uninstall an app?” I thought. “I can just move it to the Trash? Won't that … break something?”

Read more