Number: IRCNE2014112363
Date: 2014/11/05
According to “zdnet”, details are finally emerging about a serious vulnerability in Apple's OS X Yosemite, called "Rootpipe" which allows root access by attackers.
The privilege escalation vulnerability was discovered by Swedish hacker Emil Kvarnhammar, who has been asked by Apple to withhold details until January 2015 -- since Apple likely wouldn't allow details until they have a fix, this is probably when users can expect a patch.
"Rootpipe is a privilege escalation from admin to root so switching to a non-admin account would clearly be a good thing," Kvarnhammar said.
Kvarnhammar said, "The current agreement with Apple is to disclose all details in mid-January 2015. This might sound like a long wait, but hey, time flies. It's important that they have time to patch, and that the patch is available for some time."
Kvarnhammar first found the exploit in previous versions of Apple's OS around mid-October.
The same day Kvarnhammar tweeted caution to give Apple time in pushing out a fix, somewhat coincidentally, Apple rolled out security updates for Mountain Lion, Mavericks, OS X Server versions 2, 3 and 4 (new version) and iTunes -- which added up to address a whopping 144 separate vulnerabilities. Some of the fixes were for vulnerabilities reported over a year ago.
Don't use an admin account daily.Needless to say, you should be using FileVault regardless.
Rootpipe's access is through an admin account, which is of course what everyone has to have on a Mac -- and it's what most people use for daily computer use. To clog Rootpipe, create a secondary admin account, one that you won't use every day. Then, through the admin account, you'll want to remove admin permissions from the account you’ll be using daily.
- 2