Swedish hacker Emil Kvarnhammar has found a serious vulnerability in Apple’s Mac OS Yosemite ‘Rootpipe’ The Proof of Concept (PoC) is not available and the details sketchy about this vulnerability because Apple has asked Emil not to disclose it until January 2015. The fact that Apple has asked Emil not to disclose the vulnerability to public means that Apple has not denied the flaw and if it exists, Apple should be releasing the patch before then to fix this vulnerability.
[showads ad=1]
ROOT ACCESS WITHOUT PASSWORD
Once exploited, hackers could install malicious software or make other changes to your computer without any need of a password.
Hackers could steal victims’ sensitive information such as passwords or bank account information, or if required, they could format the entire affected computer, deleting all your important data from the computer.
Kvarnhammar has also provided a video to explain his initial finding.
“It all started when I was preparing for two security events, one in Stockholm and one in Malmö,I wanted to show a flaw in Mac OS X, but relatively few have been published. There are a few ‘proof of concepts’ online, but the latest I found affected the older 10.8.5 version of OS X. I couldn’t find anything similar for 10.9 or 10.10.”-Kvarnhammar says.
HOW TO SAVE YOUR MAC.
The full disclosure of the vulnerability would be made public in January, after Apple will provide a fix. Apple Yosemite OS X users are advised to follow the below steps in order to protect yourself from the exploitation of the Rootpipe:
Avoid running the system on a daily basis with an admin account. An attacker that will gain control on this account will obtain anyway limited privileges.
Use volume encryption Apple’s FileVault tool, which allows encryption and decryption on the fly, protecting your information always.
[showads ad=1]
ROOT ACCESS WITHOUT PASSWORD
Once exploited, hackers could install malicious software or make other changes to your computer without any need of a password.
Hackers could steal victims’ sensitive information such as passwords or bank account information, or if required, they could format the entire affected computer, deleting all your important data from the computer.
Kvarnhammar has also provided a video to explain his initial finding.
“It all started when I was preparing for two security events, one in Stockholm and one in Malmö,I wanted to show a flaw in Mac OS X, but relatively few have been published. There are a few ‘proof of concepts’ online, but the latest I found affected the older 10.8.5 version of OS X. I couldn’t find anything similar for 10.9 or 10.10.”-Kvarnhammar says.
HOW TO SAVE YOUR MAC.
The full disclosure of the vulnerability would be made public in January, after Apple will provide a fix. Apple Yosemite OS X users are advised to follow the below steps in order to protect yourself from the exploitation of the Rootpipe:
Avoid running the system on a daily basis with an admin account. An attacker that will gain control on this account will obtain anyway limited privileges.
Use volume encryption Apple’s FileVault tool, which allows encryption and decryption on the fly, protecting your information always.
0 comments:
Post a Comment