Vulnerability Management

OS X ‘Rootpipe’ details emerge

While Swedish hacker Emil Kvarnhammar is complying with Apple's request to withhold information about a vulnerability in the company's OS X Yosemite until January, he did provide a few details, according to a report on

The TrustSec researcher is quoted as saying, “Normally there are ‘sudo' password requirements, which work as a barrier, so the admin can't gain root access without entering the correct password. However, rootpipe circumvents this."

The report also cautions users to protect themselves by turning on FileVault and not using an admin account daily.

Apple initially didn't reply to Kvarnhammar's first entreaties to report the vulnerability but later asked him to provide additional information. The company then asked him not to disclose his findings until January 2015, which Kvarnhammar is honoring. He did originally post some of his findings in a YouTube video.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.