Swedish hacker discovers critical zero-day bug Rootpipe in OS X that could let attackers hijack a Mac without a password
07 Nov 2014
Apple's Mac OS X users are being warned to watch out for a new weakness in the platform that could be used in attacks, The Guardian reported.
Dubbed Rootpipe, the vulnerability affects multiple versions of Mac OS X, including the newest release, Yosemite, and allows the attacker to gain "root" control of a computer, the highest level of access, without having to know a password.
According to commentators, Rootpipe could theoretically allow installation of any malicious software by hackers, which could be used to steal credit card details or other personal data.
Discovered by the Swedish hacker Emil Kvarnhammar, who worked for security firm Truesec, Rootpipe is described as a privilege escalation vulnerability.
Modern operating systems employ several tiers of security, ensuring that a typical user cannot accidentally authorise software to damage their computer.
The highest level of access, known as "root" access, is typically cordoned off from all but the most essential programs.
According to experts, the choice of name suggested that the vulnerability could involve exploiting the BSD UNIX command line function "pipe," or the operating system's internal pipe facility to gain full system privileges.
The bug was discovered as Kvarnhammar wanted to highlight a security vulnerability affecting a newer version of OS X for a couple of upcoming talks, fiercecio.com reported.
He said freshness was important as Mac users tended to keep their operating systems (OS) more up-to-date than Windows users.
When it turned out that there were no recent security issues that he could use, Kvarnhammar started looking for one himself.
He said it took a few days of binary analysis to find the flaw, and he was pretty surprised when he found it.
He added that it all started when he was preparing for two security events, one in Stockholm and one in Malmö. He added that he wanted to show a flaw in Mac OS X but relatively few had been published. He said there were a few proofs of concept online, but the latest he found affected the older 10.8.5 version of OS X. He said he could not find anything similar for 10.9 or 10.10.
According to Kvarnhammar, he had already notified Apple about the bug, and the company had agreed to the publication of a full disclosure in January - which should give it sufficient time to rectify the flaw and push out the patch.