Researcher informed Apple of the new exploit method

Apr 21, 2015 14:40 GMT  ·  By

The Rootpipe vulnerability, addressed by Apple in the latest round of updates for OS X, can still be exploited to take full control of a computer by elevating user access privileges to root level, a security researcher has found.

The flaw is believed to have been available since at least four years ago, when OS X 10.7 was first released, and it can be leveraged both locally and remotely, in combination with remote execution exploits, via web-based attacks.

Security flaw also affects older OS X versions

In the security updates from Apple earlier this month, the vulnerability (credited to Emil Kvarnhammar from Swedish security company Truesec) was announced as patched for all OS X 10.10.x builds, but because of the large number of changes required, the company did not backport the fix to earlier versions, leaving OS X 10.9.x and earlier vulnerable.

However, it appears that Apple’s fix does not completely mitigate the risk, as Patrick Wardle, director of research and development at security startup Synack, says that he has found a simple method to bypass the protection integrated by the developer and take advantage of the Rootpipe vulnerability.

Proof-of-concept video published

Wardle says he found the “novel, and trivial way” to exploit the flaw while flying back home from a security conference he had attended.

The researcher states he informed Apple on the matter and did not disclose any technical details about the finding.

As proof that his claim is legitimate, Wardle provided a video demonstrating the flaw on a Mac system running the latest version of OS X, 10.10.3.

With this new discovery, Apple would be at the third attempt to plug this particular security hole in its operating system.

Before the April updates, the company tried to remove the risk in OS X 10.10.2, but the approach proved inefficient and the vulnerability persisted.

Patrick Wardle's video demonstrating that Rootpipe is still plaguing OS X: