‘Rootpipe’ vulnerability still exploitable on patched machines

A vulnerability in Apple OS X that was reportedly patched in the company's OS X 10.10.3 release appears to still be open to exploitation, according to one security researcher's findings.

Patrick Wardle reported on his blog that the “rootpipe” bug was supposedly patched only for OS X Yosemite; however, Wardle wrote that he found a “novel, yet trivial way” for a local user to abuse rootpipe on patched machines.

The bug could allow attackers to escalate a user's privileges, which could help spread malware or take over a machine.

Wardle didn't provide details on his discovery, as he had only just reported it to Apple, but noted that OS X users should be aware of the risk.
