Apple's recent patch to fix a serious privilege escalation vulnerability in OS X Yosemite can be easily circumvented, a security researcher said.
Labeled "Rootpipe" by its finder, Emil Kvarnhammar of Swedish security company TrueSec, the bug could let attackers gain full access to a targeted Mac -- dubbed "root access" -- without having to know the administrative account's password, making it a breeze to silently install malware on the machine. Kvarnhammar disclosed the flaw last fall.
Apple pushed a patch for Rootpipe to Yosemite -- but not older editions of OS X -- on April 8 as part of the 10.10.3 update.
But the patch didn't close the hole, alleged Patrick Wardle, director of research at Menlo Park, Calif.-based Synack, a security startup that markets a vulnerability testing framework.