Skip to main content

Rootpipe exploit still an issue in Mac OS X, security expert finds

Apple iMac 2014 bottom screen
Image used with permission by copyright holder
Patrick Wardle, a former NSA staffer, has revealed that Apple may have botched a patch of a significant vulnerability known as Rootpipe. Security Software Engineer Emil Kvarnhammar claimed in a blog post on April 9 that Apple had originally resolved the issue with the release of OS X 10.10.3. Now, Wardle has discovered that all Mac machines are still prone to attack, according to Forbes.

Apple initially learned of Rootpipe in October 2014, and planned for a fix by January 2015. In short, Rootpipe allows an attacker who has local access to a Mac product to achieve root privileges. This gives him or her full control of the machine without the need for additional authentication.

“I found a novel, yet trivial way for any local user to re-abuse Rootpipe — even on a fully patched OS X 10.10.3 system,” Wardle wrote in his own blog piece, posted on April 18. “In the spirit of responsible disclosure, (at this time), I won’t be providing the technical details of the attack (besides of course to Apple). However, I felt that in the meantime, OS X users should be aware of the risk.”

In an email to Forbes, Wardle went on to say that he was tempted to walk into an Apple store and try to exploit the issue on a display model. In the end, he did not do so, but wants to get the word out about the issue.

The Apple update that addressed the Rootpipe vulnerability claimed that Macs would now have “improved entitlement checking.” When it was released on April 8, the company was widely criticized for only providing a patch for newer editions of its Yosemite operating system.

Apple has been on the hot seat as of late for its security vulnerabilities. German Researcher Stefan Esser made waves with his reporting at the Syscan Conference, highlighting Apple’s iOS vulnerabilities.

Krystle Vermes
Former Digital Trends Contributor
Krystle Vermes is a professional writer, blogger and podcaster with a background in both online and print journalism. Her…
Zoom just fixed a major security flaw on Mac. Here’s why you should update now
The Logitech Brio 4K Pro attached to a Macbook.

If you have Zoom installed on your MacBook, you'll want to update the app right now. Zoom spent the weekend patching a major security flaw in its Mac app, and the update is available right now.

According to The Verge, it all began at Def Con, a computer security and hacker conference in Las Vegas. The founder of the security non-profit Objective-See and an ex-NSA security analyst, Patrick Wardle, took to the stage on Friday and presented a stunning find: a massive security vulnerability in the Zoom installer for MacBooks.

Read more
The M1 has a major security loophole that Apple can’t patch
Apple M1 processor on a mainboard.

Researchers at MIT's Computer Science and Artificial Intelligence Laboratory (CSAIL) have discovered a new security vulnerability that targets Apple's popular M1 processor. The attack, dubbed PACMAN, is capable of bypassing the last line of defense against software bugs on the M1 and potentially other ARM-based processors.

PACMAN attacks pointer authentication, which is the final stop for most software vulnerabilities. Pointer authentication confirms that a program hasn't been changed in any malicious way, serving as a "safety net ... in the worst case scenario," as MIT PhD student Joseph Ravichandran put it. MIT's researchers developed PACMAN as a way to guess the pointer authentication signature, bypassing this critical security mechanism. Researchers say PACMAN exploits a hardware mechanism, so a software patch won't be able to fix it.

Read more
Latest MacOS update causing monitor and controller issues
The Mac Studio and Studio Display at Apple's Peek Performance event.

Mac owners updating to the latest version of Apple's operating system are experiencing problems with connectivity to select peripherals, including game controls, displays, and graphics cards housed inside eGPUs.

The problems stem from updates to the latest version of Apple's MacOS 12.3, with people turning to various blogs, forums, and Reddit to report these issues. Apple has not acknowledged or addressed these complaints, and it's unknown how widespread these problems are among MacOS 12.3 users.

Read more