Linked by David Adams on Mon 3rd Nov 2014 22:27 UTC
Privacy, Security, Encryption

Emil Kvarnhammar, a hacker at Swedish security firm Truesec, calls the vulnerability "rootpipe" and has explained how he found it and how you can protect against it. It's a so-called privilege escalation vulnerability, which means that even without a password an attacker could gain the highest level of access on a machine, known as root access. From there, the attacker has full control of the system. It affects the newest OS X release, version 10.10, known as Yosemite. Apple hasn't fixed the flaw yet, he says, so Truesec won't provide details yet of how it works.
RE: Local exploit though?
by benjymouse on Tue 4th Nov 2014 16:43 UTC in reply to "Local exploit though?"

The article isn't clear on that, but it looks to me that the exploit is local, i.e. the attacker needs to already have access to your machine somehow. In which case you have bigger problems than one privilege escalation vulnerability.

I wish people would stop spreading this falsehood. Local exploits only mean that the attacker needs to be able to run a process locally on the machine, not that he needs to be physically at the console.

This is a privilege escalation and what it means is that it only takes one simple bug in Firefox or Safari (and there have been and will be plenty) to PWN your machine.

How often do we hear fanbois proclaim that "it's the user's own fault because installing this malware will prompt for admin password". Guess what - all those vulnerabilities dismissed as "not serious" suddenly become total machine ownage when combined with this one.

Local privilege vulnerabilities are serious. Attackers are sophisticated and (above all) persistent. If they find a vuln in Safari (or simply reverse engineer from Google's patches as Apple is always notoriously behind) they may "sit" on it until an opportunity like this one appears.

To be clear: This isn't different from any other OS. Local privilege escalations are always only one other vuln from becoming system pwnage.

Score: 5