|
|
Swedish hacker finds 'serious' vulnerability in OS X Yosemite - TechAmok
Swedish hacker finds 'serious' vulnerability in OS X Yosemite - [security]
(iceb) - 04:43 PM EST - Nov,03 2014 - post a comment A white-hat hacker from Sweden says he's found a serious security hole in Apple's Yosemite OS X that could allow an attacker to take control of your computer. Emil Kvarnhammar, a hacker at Swedish security firm Truesec, calls the vulnerability "rootpipe" and has explained how he found it and how you can protect against it. It's a so-called privilege escalation vulnerability, which means that even without a password an attacker could gain the highest level of access on a machine, known as root access. From there, the attacker has full control of the system. It affects the newest OS X release, version 10.10, known as Yosemite. Apple hasn't fixed the flaw yet, he says, so Truesec won't provide details yet of how it works.
"I started looking at the admin operations and found a way to create a shell with root privileges," he says. "It took a few days of binary analysis to find the flaw, and I was pretty surprised when I found it."
He tested the vulnerability on version 10.8.5 of the OS and got it to work, he says. Then he tried on 10.9 but with no luck.
"I was a bit dejected but continued to investigate," Kvarnhammar said. "There were a few small differences [in later releases] but the architecture was the same. With a few modifications I was able to use the vulnerability in the latest Mac OS X, version 10.10."
When he's trying to find vulnerabilities in an OS, he said, he tries to get a feel for how the developer was thinking. In this case, Apple had migrated and moved some functions, but basically the same flaws remained.
"Normally there are 'sudo' password requirements, which work as a barrier, so the admin can't gain root access without entering the correct password. However, rootpipe circumvents this," he says.
|
|
Short overview of recent news articles |
|
I was WRONG about the Porsche 911 GT3 (or was I?) (Nov,20 2025 ) Pi GPT Tool Turns Raspberry Pi into a ChatGPT-Powered Smart Device (Nov,20 2025 ) Rainbow Six Siege X - Official 'Team Rainbow's Last Mission' (Nov,17 2025 ) Stranger Things Seasons 1-4 Recap (Nov,17 2025 ) Kill Bill: The Whole Bloody Affair - Official Trailer (2025) Uma (Nov,16 2025 ) The Devil Wears Prada 2 - Official Teaser Trailer (2026) Meryl (Nov,15 2025 ) Valve’s New Console and Controller - STEAM Machine & STEAM (Nov,15 2025 ) Valve Steam Machine, Desktop SteamOS, Steam Frame VR, & Controller | (Nov,15 2025 ) Battlefield REDSEC - Official Live-Action Trailer (Nov,01 2025 ) What's the Best PC Upgrade (besides CPU/GPU)? (Nov,01 2025 ) Directive 8020 - RTX On Trailer (Oct,31 2025 ) Stranger Things 5 - Official Trailer (Oct,30 2025 ) AMD Releases Software Adrenalin Edition 25.10.2 WHQL Drivers (Oct,29 2025 ) Exploding AMD CPUs | Investigating ASRock's Murderboards (Oct,29 2025 ) Setting Up Our First Huge Gaming Event was CHAOS (Oct,29 2025 ) Malware of the Future: What an infected system looks like in 2025 (Oct,27 2025 ) F1: Race Highlights | 2025 Mexico City Grand Prix (Oct,27 2025 ) F1: Qualifying Highlights | 2025 Mexico City Grand Prix (Oct,26 2025 ) New Big Windows 11 25H2 October Update - New Taskbar Battery Icons (Oct,25 2025 ) Apple Prepping 'Transfer to Android' Feature, Including 3rd-Party (Oct,25 2025 ) HW News - RIP Internet, RAM Prices Skyrocket from AI Demand, Intel (Oct,24 2025 ) Retro Gaming PC Upgrades go WRONG! (Oct,21 2025 ) How social media has ruined us - the more time you spend online, the (Oct,21 2025 ) FERRARI 12 CILINDRI // 340KMH REVIEW on AUTOBAHN (Oct,20 2025 ) ROG Xbox Ally X - a PC Gamer's Perspective (Oct,20 2025 ) Race Highlights | 2025 United States Grand Prix (Oct,20 2025 ) RedMagic Puts Liquid Cooling in its New Gaming Phone (Oct,18 2025 ) Russia Says U.S. Is Planning a $37 Trillion Crypto Reset (Oct,18 2025 ) Tor Browser says no to Firefox's AI features as it removes them (Oct,18 2025 ) NVIDIA GeForce 581.57 WHQL Driver (Oct,14 2025 ) Samsung One UI 8.5 vs iOS 26 - COMPARISON (Oct,13 2025 ) Google Turned Down by Supreme Court, Must Open up App Payments (Oct,12 2025 ) AMD releases new 25.10.1 preview graphics driver with Battlefield 6 (Oct,10 2025 ) MERCY Official Trailer (2026) Chris Pratt (Oct,10 2025 ) Galaxy S26 Ultra - Samsung, Please Don't Copy This (Oct,07 2025 ) Canada's Las Vegas Sphere is here - and I game on it (Oct,06 2025 ) Predator: Badlands - Official Final Trailer (2025) (Oct,06 2025 ) Chasing a Gaming World Record (Oct,04 2025 ) Frankenstein - Official Trailer (2025) Guillermo del Toro, Oscar (Oct,02 2025 ) iPhone 17 Pro Max vs 16 Pro Max / Pixel 10 Pro XL / Galaxy S25 Ultra (Oct,02 2025 ) iOS 26.0.1 is Out! - What's New? (Sep,30 2025 ) NEW! 2026 Audi Q3 2.0 TFSI (265hp) vs. e-hybrid (272hp)| 0-100 km/h (Sep,30 2025 ) Samsung One UI 8.5 Hands on - I Was Wrong (Sep,29 2025 ) iPhone Air Teardown - What is 3D Printed Titanium? (Sep,28 2025 ) Nvidia Wouldn't Send Me This $30,000 GPU - H200 Holy $H!T (Sep,28 2025 ) The Astronaut - Official Trailer (2025) Kate Mara, Laurence (Sep,27 2025 ) iPhone 17 Durability Test -- What Scratches are Permanent? (Sep,25 2025 ) iPhone 17 Pro Max vs. Galaxy S25 Ultra Drop Test! (Sep,23 2025 ) Race Highlights: A Swing In The Drivers' Title Fight? | 2025 (Sep,21 2025 ) BYD Yangwang U9 Hits 496.22 KM/H - EV Supercar Speed Record (Sep,21 2025 )
>> News Archive <<
| |
|
