Video: "Phoenix; RootPipe Reborn" from Patrick Wardle on Vimeo.
A former NSA staffer says that the OS X 10.10.3 update, which Apple claims fixed a significant security vulnerability, has failed to do so, reports Forbes. Patrick Wardle, who now heads up research at security firm Synack, demonstrated the vulnerability in a video but did not reveal exactly how it was done, to allow Apple time to issue a further fix.
The Rootpipe vulnerability allows an attacker with local access to a Mac to escalate their privileges to root – allowing them full control of the machine – without further authentication. A second security researcher confirmed the flaw …
Wardle said the exploit he used was “novel yet trivial,” while security researcher Pedro Vilaça said that the fix attempted in OS X 10.10.3 was doomed from the start since there were “a tonne of ways to bypass it.”
Wardle added that he had resisted the temptation to use the exploit on display models at an Apple Store, and had passed full details to Apple.
It was reported earlier today that around 1,500 iOS apps are vulnerable to man-in-the-middle attacks thanks to their use of buggy open-source networking code.
Nothing new here, I knew about it in the beta. I asked if they had fixed it. I was told they were unable to fix it at the moment. So 10.10.3 came out with problems, and the folks at APPLE hail it as the greatest.
Physical access? Nothing to worry about to be honest.
If you have physical access to my wallet, you can steal my cash. Am I supposed to worry about that, too? For computer exploits anything that can be done remotely is dangerous. But even the NSA isn’t going to send a spy over to my house to physically access my computer – that’s a whole different ballgame, and at that level of security awareness there are many other things I would be more concerned about than my computer.
Yes – you need a pantspipe fix to stop it. :)
Scanner says nothing found. So I’m not sure this is right about it not being fixed. Maybe he hasn’t updated yet or something.
Yea, if you need physical access to my computer then you got me, but first you have to get inside. So that’s not very likely to happen. I don’t have important data that you would need to hijack my computer for anyways. This writer should worry more about network vulnerabilities from the internet. That is of more concern than physical access to computers.
Physical access is one thing, but a malicious download that you can install can do this too.
If my memory serves me right, there were TWO system updates last week.
I’ve tried this exploit myself on my 10.10.3 (with second update installed) and it doesn’t work anymore.
Try it yourself: https://github.com/sideeffect42/RootPipeTester
The vulnerability is to a specific form of the attack, which has not yet been disclosed. It passes the standard test.
Ehem, where did the whole “you need physical access” thing come from? That is 100% false…BTW this is still not fixed as of May 24th…
Sigh, looks like the 10.10.4 beta is vulnerable still (proof: https://twitter.com/emilkvarnhammar/status/592804508385878017 — this is the researcher who originally notified Apple of the issue last year)…what a joke, they were notified about this in October 2014, then pushed out some lame fix that doesn’t even work AND said everything pre-Yosemite will never be fixed, ever.