Apple failed to fix ‘Rootpipe’ security vulnerability in OS X 10.10.3

According to a report from Forbes, which cites a former NSA staffer, the latest OS X 10.10.3 update has failed to fix the major security flaw that it was actually released for.

The backdoor, named Rootpipe, has existed since 2011, and Apple released the OS X 10.10.3 update last week to fix it. The company was informed about the backdoor in October last year, but it took its own sweet time to fix it.

However, as discovered by an ex-NSA staffer, Patrick Wardle, the exploit still works and is capable of giving a hacker root access on the system. Apple has put in additional steps to stop the attack in OS X 10.10.3, but Wardle was still able to use the backdoor to gain root access on his machine.

“I was tempted to walk into the Apple store this [afternoon] and try it on the display models – but I stuck to testing it on my personal laptop (fully updated/patched) as well as my OS X 10.10.3 [virtual machine]. Both worked like a charm,” Wardle told FORBES over email. In a blog post, he’d said his exploit was “a novel, yet trivial way for any local user to re-abuse Rootpipe”.

