A quick recap for those who haven’t been following the Rootpipe saga closely:
Back in October 2014, Swedish white-hat hacker Emil Kvarnhammar revealed that he had uncovered a dangerous vulnerability in some versions of OS X (including the then newly-released 10.10 Yosemite) that could allow a hacker to take complete control of your desktop Mac or MacBook laptop.
Dubbed Rootpipe, the privilege escalation bug was also given the geeky moniker CVE-2015-1130.
Being a decent fellow, Kvarnhammar said that he would not make details of the Rootpipe vulnerability public until Apple patched the flaw – which they did (along with many other security bugs) earlier this month.
Unfortunately, a few days later, it became clear that although Apple claimed to have fixed the Rootpipe vulnerability in OS X 10.10.3, they had no plans to patch older, pre-Yosemite, versions of the operating system – leaving Mac users at risk.
Which isn’t great.
But what’s worse is that it is now claimed that Apple’s Rootpipe fix for OS X Yosemite 10.10.3 users is itself flawed, meaning the backdoor vulnerability remains on all Macs.
Patrick Wardle, director of R&D at Synack, says that he stumbled across a “trivial way for any local user to re-abuse rootpipe” while flying back from a security conference.
He created a video to demonstrate the flaw in action.
Wardle says on his blog that he is not making details of how to exploit the vulnerability public at this time, but has shared information with Apple’s security team.
All eyes now turn to Apple for a response, and – if you’re concerned about the vulnerability – it would make sense to take care over who you allow to use your computer.
Let’s all hope that Apple will fix the problem once and for all now, and – hey Apple! – how about providing some protection for users of older versions of OS X at the same time, eh?