Swedish hacker finds 'serious' vulnerability in OS X Yosemite - TechAmok
[security] (iceb) - 04:43 PM EST - Nov,03 2014

A white-hat hacker from Sweden says he's found a serious security hole in Apple's Yosemite OS X that could allow an attacker to take control of your computer. Emil Kvarnhammar, a hacker at Swedish security firm Truesec, calls the vulnerability "rootpipe" and has explained how he found it and how you can protect against it.

It's a so-called privilege escalation vulnerability, which means that even without a password an attacker could gain the highest level of access on a machine, known as root access. From there, the attacker has full control of the system.

It affects the newest OS X release, version 10.10, known as Yosemite. Apple hasn't fixed the flaw yet, he says, so Truesec won't provide details yet of how it works.
"I started looking at the admin operations and found a way to create a shell with root privileges," he says. "It took a few days of binary analysis to find the flaw, and I was pretty surprised when I found it."
He tested the vulnerability on version 10.8.5 of the OS and got it to work, he says. Then he tried on 10.9 but with no luck.
"I was a bit dejected but continued to investigate," Kvarnhammar said. "There were a few small differences [in later releases] but the architecture was the same. With a few modifications I was able to use the vulnerability in the latest Mac OS X, version 10.10."
When he's trying to find vulnerabilities in an OS, he said, he tries to get a feel for how the developer was thinking. In this case, Apple had migrated and moved some functions, but basically the same flaws remained.
"Normally there are 'sudo' password requirements, which work as a barrier, so the admin can't gain root access without entering the correct password. However, rootpipe circumvents this," he says.