Skip to main content

OS X 10.10.3 update failed to fix Rootpipe vulnerability, says former NSA staffer

Phoenix; RootPipe Reborn from patrick wardle on Vimeo.

A former NSA staffer says that the OS X 10.10.3 update which Apple claims fixed a significant security vulnerability has failed to do so, reports Forbes. Patrick Wardle, who now heads up research at security firm Synack, demonstrated the vulnerability in a video (without revealing exactly how it was done) to allow Apple time to issue a further fix.

The Rootpipe vulnerability allows an attacker with local access to a Mac to escalate their privileges to root – allowing them full control of the machine – without further authentication. A second security researcher confirmed the flaw … 

Wardle said the exploit he used was “novel yet trivial,” while security researcher Pedro Vilaça said that the fix attempted in OS X 10.10.3 was doomed from the start since there were “a tonne of ways to bypass it.”

Wardle added that he had resisted the temptation to use the exploit on display models at an Apple Store, and had passed full details to Apple.

It was reported earlier today that around 1,500 iOS apps are vulnerable to man-in-the-middle attacks thanks to their use of buggy open-source networking code.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

  1. Moises Agudo - 9 years ago

    Nothing new here, I knew about it in the beta. I asked if they had fixed it? I was told they were unable to fix it at the moment. So 10.10.3 came out with problems, and the folks at APPLE hail it as the greatest.

  2. orthorim - 9 years ago

    Physical access? Nothing to worry about to be honest.

    If you have physical access to my wallet, you can steal my cash. Am I supposed to worry about that, too? For computer exploits anything that can be done remotely is dangerous. But even the NSA isn’t going to send a spy over to my house to physically access my computer – that’s a whole different ballgame, and at that level of security awareness there are many other things I would be more concerned about than my computer.

  3. b9bot - 9 years ago

    Scanner says nothing found. So I’m not sure this is right about it not being fixed. Maybe he hasn’t updated yet or something.

    • b9bot - 9 years ago

      Yea if you need physical access to my computer then you got me but first you have to get inside. So that’s not very likely to happen. I don’t have important data that you would need to hijack my computer for anyways. This writer should worry more about network vulnerabilities from the internet. That is of more concern then physical access to computers.

  4. Stephan Vermette - 9 years ago

    Physical access is one thing, but a malicious download that you can install can do this too.

  5. If my memory served me right, there were TWO system updates last week.

    I’ve tried this exploit myself on my 10.10.3 ( with second update installed ) and it doesn’t work anymore.

    Try it yourself: https://github.com/sideeffect42/RootPipeTester

    • Ben Lovejoy - 9 years ago

      The vulnerability is to a specific form of the attack, which has not yet been disclosed. It passes the standard test.

  6. srgmac - 9 years ago

    Ehem, where did the whole “you need physical access” thing come from? That is 100% false…BTW this is still not fixed as of May 24th…

    • srgmac - 9 years ago

      Sigh, looks like the 10.10.4 beta is vulnerable still (proof: https://twitter.com/emilkvarnhammar/status/592804508385878017 — this is the researcher who originally notified Apple of the issue last year)…what a joke, they were notified about this in October 2014, then pushed out some lame fix that doesn’t even work AND said everything pre-yosemite will never be fixed, ever.

Author

Avatar for Ben Lovejoy Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!


Ben Lovejoy's favorite gear