Apple OSX Yosemite infested by nasty 'Rootpipe' vuln

Steady on fanbois: Shell privilege escalation bug won't get fix until next January

A Swedish security researcher has turned up a serious vulnerability in OS X “Yosemite”, but details are to be withheld until January, giving Apple time to prepare a patch.

The vuln was first described in mid-October, when Truesec posted a YouTube video (below) that sketchily described the existence of the bug.

Truesec researcher Emil Kvarnhammar says he discovered a way to get past the user controls on Apple's terminal shell, to gain access to a shell with root privileges. The vulnerability subverts the password requirements for someone to run sudo – that is, to access the shell as a superuser.

While Kvarnhammar hasn't told the world whether it's a purely-local exploit or remotely-exploitable, the advice he gives suggests the latter. First, Apple users should create their day-to-day account (without admin privileges) as a separate user and not run as Administrator for “normal” operations. Second, users should turn on FileVault to encrypt their hard drives.

Kvarnhammar is quoted in Swedish media (for example, here), picked up in English all over the world, as saying he's tested the bug on OS X 10.8, 10.9 and 10.10. He has confirmed that it has existed since at least 2012, but probably is much older than that. ®

Youtube Video