'Rootpipe' vulnerability still exploitable on patched machines
A vulnerability in Apple OS X that was reportedly patched in the company's OS X 10.10.3 release appears to still be open to exploitation, according to one security researcher's findings.
Patrick Wardle reported on his blog that the “rootpipe” bug was supposedly patched only for OS X Yosemite; however, Wardle wrote that he found a “novel, yet trivial way” for a local user to abuse rootpipe on patched machines.
The bug could allow attackers to escalate a user's privileges, which could help spread malware or take over a machine.
Wardle didn't provide details on his discovery, as he just reported it to Apple, but noted that OS X users should be aware of the risk.