Apple Failed to Patch Critical RootPipe Vulnerability, Claims Former NSA Employee

Rafia Shaikh

RootPipe vulnerability, which was discovered back in October 2014, remains unfixed contrary to what Apple had claimed, former NSA staffer reveals today. Apple had claimed to have fixed the critical security vulnerability in its OS X 10.10.3 update, however, the vulnerability still infects the Mac OS X.

Also, read: 1,500 iOS Apps Prone to Man-in-the-Middle Attacks Due to HTTPS-Crippling Bug

fix rootpipe os x vulnerability

Going back to RootPipe:

Emil Kvarnhammar had discovered this privilege escalation vulnerability later last year in some versions of the OS X including the newest Yosemite. RootPipe vulnerability allows an attacker to take full control of your Mac computer without any authentication required!

This so-called RootPipe vulnerability enables an attacker with local access to a Mac to escalate their privileges to root. Which essentially means a complete control of the machine with no further authentication required! The White Hat hacker had shared the details to Apple which then claimed to patch the vulnerability.

However... Apple failed to fix RootPipe:

Patrick Wardle who is now heading a security firm and is a former NSA employee demonstrated the vulnerability in a video showing how the critical bug still stays in the newest version - OS X Yosemite 10.10.3. The latest version, released earlier this month was supposed to fix RootPipe OS X backdoor which has resided on Mac computers since 2011!

We saw another security report today revealing that some 1,500 iOS apps are vulnerable to man-in-the-middle attacks. Let's hope Apple gears up its security a notch higher on both the iOS and OS X!

- Source: Forbes

Latest industry news and updates:

Share this story