The RootPipe vulnerability, which was discovered back in October 2014, remains unfixed contrary to what Apple had claimed, a former NSA staffer revealed today. Apple had claimed to have fixed the critical security vulnerability in its OS X 10.10.3 update; however, the vulnerability still affects Mac OS X.
Going back to RootPipe:
Emil Kvarnhammar discovered this privilege escalation vulnerability late last year in some versions of OS X, including the newest, Yosemite. The RootPipe vulnerability allows an attacker to take full control of your Mac computer without any authentication required!
This so-called RootPipe vulnerability enables an attacker with local access to a Mac to escalate their privileges to root, which essentially means complete control of the machine with no further authentication required! The white hat hacker shared the details with Apple, which then claimed to have patched the vulnerability.
However... Apple failed to fix RootPipe:
Patrick Wardle, a former NSA employee who now heads a security firm, demonstrated the vulnerability in a video showing that the critical bug is still present in the newest version, OS X Yosemite 10.10.3. The latest version, released earlier this month, was supposed to fix the RootPipe OS X backdoor, which has resided on Mac computers since 2011!
We saw another security report today revealing that some 1,500 iOS apps are vulnerable to man-in-the-middle attacks. Let's hope Apple gears up its security a notch higher on both iOS and OS X!
- Source: Forbes