
Rootpipe Flaw in OS X Could Allow Hackers to Completely Take Over Your Mac


For day-to-day activities on your Mac—such as browsing the web, writing documents or checking your emails—are you using an account with Admin privileges?

I hope not. Because if you are, you’re putting yourself and the data stored on your computer at greater risk.

The risk is borne out by a newly discovered vulnerability in some versions of OS X (including the newly-released 10.10 Yosemite) that could allow a hacker to take complete control of your iMac or MacBook.

Swedish security researcher, Emil Kvarnhammar, calls the as-yet-unpatched privilege escalation bug “Rootpipe,” and says that a malicious hacker could gain root access—the highest level of access—without having to know a password. And once an attacker has root access, all bets are off.

“Normally there are ‘sudo’ password requirements, which work as a barrier, so the admin can’t gain root access without entering the correct password. However, rootpipe circumvents this,” Kvarnhammar was reported as saying.

A YouTube video—with a decidedly funky beat—shows the vulnerability in action:

Obviously this is a serious security hole, and eyes will be turning towards Cupertino in the hope that it will be fixed quickly.

The good news is that Kvarnhammar believes in responsible disclosure, and has not released details of how to exploit the vulnerability. If such details were made public there is a very real risk that malicious hackers could take advantage of the flaw, and use it to compromise Macs around the world—stealing information, planting malware, and generally getting up to no good.

Instead the researcher tweeted that the right thing to do was to give Apple time to issue and distribute a patch to vulnerable computers:

Kvarnhammar reported the vulnerability to Apple, sharing details with the firm’s developers the day after he discovered the problem. Although Apple has not officially confirmed the flaw, it did agree that he could go public with full details about the vulnerability in January, suggesting that the company is planning to patch it.

It will be interesting to see just how long it takes Apple to push out a patch for what appears to be a serious vulnerability. It will certainly be a shame if it takes until early January for a fix to be rolled out.

In the meantime, while you’re waiting, it’s a good idea to not use a user account with Administrator rights on your Mac unless absolutely necessary.

Instead, make sure that your regular user account has “Standard” rights, and create a new account with Admin privileges for when that is required.

To create a new user account, and to adjust your existing accounts’ privileges, open System Preferences and click on Users & Groups.
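The same check can be made from Terminal. The script below is an added example, not part of the original article: it lists which regular accounts currently hold Admin rights, assuming the stock macOS `dscl` tool, the local `admin` group, and that human accounts start at UID 501. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: find day-to-day accounts that still have Admin rights.

# Turn `dscl . -read /Groups/admin GroupMembership` output (stdin), e.g.
#   GroupMembership: root alice
# into one member name per line.
admin_members() {
    sed -n 's/^GroupMembership:[[:space:]]*//p' | tr -s ' ' '\n' | sed '/^$/d'
}

# Turn `dscl . -list /Users UniqueID` output (stdin, "name uid" pairs) into
# the names of human accounts. Assumption: macOS assigns them UID >= 501.
human_users() {
    awk '$2 >= 501 { print $1 }'
}

# Print every human account that is also a member of the admin group.
# $1 = admin group record text, $2 = user/UID listing text.
admin_humans() {
    members=$(printf '%s\n' "$1" | admin_members)
    printf '%s\n' "$2" | human_users | while read -r user; do
        if printf '%s\n' "$members" | grep -qxF -- "$user"; then
            printf '%s\n' "$user"
        fi
    done
}

if command -v dscl >/dev/null 2>&1; then
    # On a Mac: read the live directory data.
    group_record=$(dscl . -read /Groups/admin GroupMembership)
    user_listing=$(dscl . -list /Users UniqueID)
else
    # Constructed sample data so the example also runs off a Mac.
    group_record='GroupMembership: root alice'
    user_listing='_www 70
root 0
alice 501
bob 502'
fi

for account in $(admin_humans "$group_record" "$user_listing"); do
    echo "$account has Admin rights: set it to Standard in Users & Groups" \
         "and keep a separate Admin account for when it is required."
done
```
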

About Graham Cluley

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats. Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security. Follow him on Twitter at @gcluley.