'Rootpipe' vulnerability still exploitable on patched machines

A vulnerability in Apple OS X that was reportedly patched in the company's OS X 10.10.3 release appears to still be open to exploitation, according to one security researcher's findings.

Patrick Wardle reported on his blog that the “rootpipe” bug was supposedly patched only for OS X Yosemite; however, Wardle wrote that he found a “novel, yet trivial way” for a local user to abuse rootpipe on patched machines.

The bug could allow attackers to escalate a user's privileges, which could help spread malware or take over a machine.

Wardle didn't provide details on his discovery, as he just reported it to Apple, but noted that OS X users should be aware of the risk.
