A “Rootpipe” backdoor in various Mac OS X versions, or a security flaw that could give hackers full access to a Mac without authentication, was supposedly patched by Apple in an OS X 10.10.3 update earlier that month. But it looks like the patch doesn’t quite fix the security flaw, The Hacker News reports, as Yosemite computers are still vulnerable to Rootpipe-based attacks. Furthermore, Macs running OS X 10.9 or later have not been patched, and it’s likely they won’t be.
Ex-NSA staffer and current Synack R&D director Patrick Wardle discovered a new way to use the Rootpipe attack even after the recent Yosemite patch. The exec told Apple about the matter, and didn’t disclose the code used in the attack, as the company is expected to issue a complete fix for the problem.
Emil Kvarnhammar has discovered the Rootpipe attack back in October, informing Apple about the vulnerability. The hacker disclosed the information only after the company released a patch to fix it – more details about it are available on the TrueSec blog.
Kvarnhammar also revealed that Apple “indicated that this issue required a substantial amount of changes on their side, and that they will not back port the fix to 10.9.x and older.”