Phoenix; RootPipe Reborn from patrick wardle on Vimeo.

A former NSA staffer says that the OS X 10.10.3 update which Apple claims fixed a significant security vulnerability has failed to do so, reports Forbes. Patrick Wardle, who now heads up research at security firm Synack, demonstrated the vulnerability in a video (without revealing exactly how it was done) to allow Apple time to issue a further fix.

The Rootpipe vulnerability allows an attacker with local access to a Mac to escalate their privileges to root – allowing them full control of the machine – without further authentication. A second security researcher confirmed the flaw … 


Wardle said the exploit he used was “novel yet trivial,” while security researcher Pedro Vilaça said that the fix attempted in OS X 10.10.3 was doomed from the start since there were “a tonne of ways to bypass it.”

Wardle added that he had resisted the temptation to use the exploit on display models at an Apple Store, and had passed full details to Apple.

It was reported earlier today that around 1,500 iOS apps are vulnerable to man-in-the-middle attacks thanks to their use of buggy open-source networking code.

About the Author

Ben Lovejoy's favorite gear