OS X ‘Rootpipe’ details emerge | SC Media
Strategy, Vulnerability management

OS X ‘Rootpipe’ details emerge

November 4, 2014

While Swedish hacker Emil Kvarnhammar is complying with Apple's request to withhold information about a vulnerability in the company's OS X Yosemite until January, he did provide a few details, according to a report on ZDNet.com.

The TrustSec researcher is quoted as saying, “Normally there are ‘sudo' password requirements, which work as a barrier, so the admin can't gain root access without entering the correct password. However, rootpipe circumvents this."

The report also cautions users to protect themselves by turning on FileVault and not using an admin account daily.

Apple initially didn't reply to Kvarnhammar's first entreaties to report the vulnerability but later asked him to provide additional information. The company then asked him not to disclose his findings until January 2015, which Kvarnhammar is honoring. He did originally post some of his findings in a YouTube video.

prestitial ad