|
|
Swedish hacker finds 'serious' vulnerability in OS X Yosemite - TechAmok
Swedish hacker finds 'serious' vulnerability in OS X Yosemite - [security]
(iceb) - 04:43 PM EST - Nov,03 2014 - post a comment A white-hat hacker from Sweden says he's found a serious security hole in Apple's Yosemite OS X that could allow an attacker to take control of your computer. Emil Kvarnhammar, a hacker at Swedish security firm Truesec, calls the vulnerability "rootpipe" and has explained how he found it and how you can protect against it. It's a so-called privilege escalation vulnerability, which means that even without a password an attacker could gain the highest level of access on a machine, known as root access. From there, the attacker has full control of the system. It affects the newest OS X release, version 10.10, known as Yosemite. Apple hasn't fixed the flaw yet, he says, so Truesec won't provide details yet of how it works.
"I started looking at the admin operations and found a way to create a shell with root privileges," he says. "It took a few days of binary analysis to find the flaw, and I was pretty surprised when I found it."
He tested the vulnerability on version 10.8.5 of the OS and got it to work, he says. Then he tried on 10.9 but with no luck.
"I was a bit dejected but continued to investigate," Kvarnhammar said. "There were a few small differences [in later releases] but the architecture was the same. With a few modifications I was able to use the vulnerability in the latest Mac OS X, version 10.10."
When he's trying to find vulnerabilities in an OS, he said, he tries to get a feel for how the developer was thinking. In this case, Apple had migrated and moved some functions, but basically the same flaws remained.
"Normally there are 'sudo' password requirements, which work as a barrier, so the admin can't gain root access without entering the correct password. However, rootpipe circumvents this," he says.
|
|
Short overview of recent news articles |
|
Microsoft Axes Standalone SharePoint and OneDrive Plans in Push to (Feb,04 2026 ) Nvidia's $100 billion OpenAI deal has seemingly vanished (Feb,04 2026 ) The Best 14" Gaming Laptops Right Now (Feb,04 2026 ) The Solution to the RAM Crisis is… DDR4??? (Feb,04 2026 ) Google Meet can now join Microsoft Teams calls (Feb,03 2026 ) The Devil Wears Prada 2 - Official Trailer (2026) Meryl Streep, Anne (Feb,03 2026 ) *EPSTEIN HAD THE SEC SUE RIPPLE/XRP - HOLY SH*T | Gensler Worked For (Feb,02 2026 ) Mozilla Firefox is making it super easy to turn off its generative (Feb,02 2026 ) Windows 11 quietly gets a new security feature to protect system (Feb,01 2026 ) WARNING: TRUMP & RIPPLE/XRP SECRET AGREEMENT AT DAVOS (Feb,01 2026 ) China's new RAM company, CXMT, is selling RAM at $138 (Feb,01 2026 ) Windows keeps a permanent record of every USB device you've ever (Feb,01 2026 ) Intel Is BACK - Panther Lake Changes Everything (Feb,01 2026 ) NVIDIA Releases GeForce Security Update Driver 582.28 for Legacy (Jan,31 2026 ) AMD 'Zen 6' CCD Packs 12 Cores, 48 MB L3 Cache (Jan,31 2026 ) Microsoft Set to Disable Legacy NTLM Authentication by Default in (Jan,31 2026 ) NVIDIA GeForce 591.86 WHQL Driver (Jan,30 2026 ) iOS 26.3-Important New iPhone Location Privacy Feature Coming Soon (Jan,30 2026 ) I Made the Ultimate Steam Machine Before Valve (Jan,29 2026 ) Wardriver - Official Trailer (2026) Dane DeHaan, Sasha Calle, (Jan,29 2026 ) Apple Intros Improved AirTag (Jan,28 2026 ) US Version of TikTok off to Bumpy Start; Competitors Surge (Jan,28 2026 ) Google Chrome no longer needs you, as Gemini takes the driving seat (Jan,28 2026 ) Premium Subscriptions Coming to Facebook, Instagram, WhatsApp (Jan,27 2026 ) Windows 11 Best For Gaming? Windows 11 25H2 vs. Windows 10 (Jan,25 2026 ) Microsoft Says Uninstall This Windows Update Immediately (KB5077744 (Jan,24 2026 ) Xbox Developer Direct Livestream 2026 | Fable, Forza Horizon 6, (Jan,22 2026 ) Iridium Begins Testing its own Satellite Service for Phones (Jan,22 2026 ) AMD Releases Adrenalin Edition 26.1.1 WHQL Drivers (Jan,22 2026 ) AI in 2050 (Jan,18 2026 ) iOS 26.2 Fixes Major Security Flaws (Jan,17 2026 ) Google Links its AI to Your Gmail and Photos for "Personal (Jan,17 2026 ) Fastest Koenigsegg v Fastest Bugatti: DRAG RACE (Jan,17 2026 ) Creating a 48GB NVIDIA RTX 4090 GPU (Jan,17 2026 ) CES was frickin weird, guys (Jan,14 2026 ) Lee Cronin's The Mummy - Official Teaser Trailer (2026) Jack (Jan,12 2026 ) Ferrari SF90 XX v Xiaomi SU7 Ultra: DRAG RACE (Jan,12 2026 ) Welcome to the Wasteland - Fallout (American TV series) fan video (Jan,10 2026 ) GOOD LUCK, HAVE FUN, DON'T DIE Trailer 2 (2026) Sam Rockwell (Jan,09 2026 ) NVIDIA Releases GeForce 591.74 WHQL Drivers with DLSS 4.5 Support (Jan,07 2026 ) Predator: Badlands Exclusive Deleted Scene (2025) (Jan,07 2026 ) Greenland 2: Migration - Official Trailer 3 (2026) Gerard Butler, (Jan,06 2026 ) The Best Laptops of 2025 - For Gaming, Creators & Students! (Jan,05 2026 ) Punkt Updates its Privacy-Focused Smartphone (Jan,05 2026 ) Clicks Launches New Ways to Add a Physical Keyboard to Your Life (Jan,05 2026 ) Building a PC for the First Time (Jan,05 2026 ) Building a PC in 2026 (Jan,03 2026 ) I want this phone so bad... - Samsung Galaxy Z TriFold (Jan,02 2026 ) The Real Finewine Strikes Again: Ryzen 5600X, 5700X & 5800XT Revisit (Jan,02 2026 ) Nokia N8 Symbian Re-Awakened With Passion (Jan,02 2026 )
>> News Archive <<
| |
|
