A Swedish white-hat hacker has discovered a major security hole in Apple’s latest operating system, OS X Yosemite.
Emil Kvarnhammar, IT consultant at security firm TrueSec, reported that the privilege escalation vulnerability could allow an attacker to take complete control of a user’s computer without the necessary administrator credentials.
Kvarnhammar told MacWorld the bug – dubbed ‘rootpipe’ – affects the recently launched version of OS X (10.10), which was released to consumers on October 16.
The security researcher explained the discovery came while analyzing the operating system’s admin operations, eventually finding a way to create a shell with root privileges.
“It took a few days of binary analysis to find the flaw, and I was pretty surprised when I found it,” said Kvarnhammar. “Normally there are ‘sudo’ password requirements, which work as a barrier, so the admin can’t gain root access without entering the correct password. However, rootpipe circumvents this,” he added.
Kvarnhammar reported the vulnerability to Apple one day after his discovery, but said the company did not fully acknowledge the flaw. Instead, Apple gave Kvarnhammar an appropriate date for publishing his findings – currently set for January 2015.
The distant date suggests Apple plans to investigate further and roll out a patch to affected users in the coming months.
“It will be interesting to see just how long it takes Apple to push out a patch for what appears to be a serious vulnerability,” said security journalist Graham Cluley. “It will certainly be a shame if it takes until early January for a fix to be rolled out.”
However, Tripwire security researcher Craig Young begs to differ, stating, “Personally, I think it is amazing to see Apple promise a turnaround of less than three months for a security issue that has not been a public disclosure.”
“Apple has a long track record of long delays between when a vulnerability becomes public information and when a fix for Apple customers becomes available, which we recently saw with the patches for various BASH vulnerabilities,” added Young.
To stay protected, the security researcher suggests users create a new account with admin privileges and remove admin permissions from the account they use frequently.
This way, if a hacker takes over the account being used on a daily basis, the attacker will not have access to admin permissions, limiting the harm they can do with the data.
Additionally, Kvarnhammar recommends encrypting the computer’s hard drive using Apple’s FileVault feature.
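A read-only way to check a Mac against the two recommendations above (daily account outside the admin group, FileVault on), added here as an example and not taken from Kvarnhammar or TrueSec. It assumes the output formats of `dscl . -read /Groups/admin GroupMembership` and `fdesetup status`, checks direct group membership only, and uses illustrative function names and a constructed sample.

```shell
#!/bin/sh
# Read-only audit of the two recommendations: non-admin daily account, FileVault on.
# Parsers take command output as arguments so they also run on constructed samples.

# Succeeds if user $1 is listed directly in the admin group line $2
# (format assumed: "GroupMembership: root alice"). Nested groups are not resolved.
is_direct_admin() {
    user=$1
    for member in ${2#GroupMembership:}; do
        [ "$member" = "$user" ] && return 0
    done
    return 1
}

# Succeeds if the fdesetup status text $1 begins with "FileVault is On."
filevault_enabled() {
    case $1 in
        "FileVault is On."*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_posture USER GROUP_LINE FDE_STATUS: prints findings, returns their count.
audit_posture() {
    findings=0
    if is_direct_admin "$1" "$2"; then
        echo "FINDING: daily account '$1' is in the admin group"
        findings=$((findings + 1))
    fi
    if ! filevault_enabled "$3"; then
        echo "FINDING: FileVault is not enabled"
        findings=$((findings + 1))
    fi
    return "$findings"
}

if [ "$(uname -s)" = "Darwin" ]; then
    # On a Mac, feed the real command output to the same checks.
    audit_posture "$(id -un)" \
        "$(dscl . -read /Groups/admin GroupMembership)" \
        "$(fdesetup status)" || echo "review the findings above"
else
    # Constructed sample output, so the script can be read and run off a Mac.
    audit_posture alice "GroupMembership: root alice" "FileVault is Off." \
        || echo "sample run: $? finding(s)"
fi
```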