Click to Skip Ad
Closing in...

‘Rootpipe’ OS X Yosemite security vulnerability not as patched as initially believed

OS X Yosemite Rootpipe Security Vulnerability

A “Rootpipe” backdoor in various Mac OS X versions, or a security flaw that could give hackers full access to a Mac without authentication, was supposedly patched by Apple in an OS X 10.10.3 update earlier that month. But it looks like the patch doesn’t quite fix the security flaw, The Hacker News reports, as Yosemite computers are still vulnerable to Rootpipe-based attacks. Furthermore, Macs running OS X 10.9 or later have not been patched, and it’s likely they won’t be.

DON’T MISS: The numbers don’t lie: Jay-Z’s Tidal music service is already a spectacular flop

Ex-NSA staffer and current Synack R&D director Patrick Wardle discovered a new way to use the Rootpipe attack even after the recent Yosemite patch. The exec told Apple about the matter, and didn’t disclose the code used in the attack, as the company is expected to issue a complete fix for the problem.

Emil Kvarnhammar has discovered the Rootpipe attack back in October, informing Apple about the vulnerability. The hacker disclosed the information only after the company released a patch to fix it – more details about it are available on the TrueSec blog.

Kvarnhammar also revealed that Apple “indicated that this issue required a substantial amount of changes on their side, and that they will not back port the fix to 10.9.x and older.”

Chris Smith has been covering consumer electronics ever since the iPhone revolutionized the industry in 2008. When he’s not writing about the most recent tech news for BGR, he closely follows the events in Marvel’s Cinematic Universe and other blockbuster franchises. Outside of work, you’ll catch him streaming almost every new movie and TV show release as soon as it's available.