Swedish Hacker Finds Serious Security Flaw in OS X Yosemite

The white-hat hacker Emil Kvarmhammer from the Swedish security firm Truesec has found a serious security hole in Apple’s new OS X Yosemite. He dubbed the new vulnerability “rootpipe” and explains that it is a so-called privilege escalation vulnerability. This means that an attacker could get full root access without the need for any password and thereby take over the entire system.

Kvarnhammer didn’t disclose any details about the flaw and this is of course to give Apple time to come up with a fix before it becomes widely abused on unsuspecting users. While the bad news is that there isn’t a fix yet, nor is there any real time frame for it. The good news is that you can limit the damage a potential attacker can cause you to almost zero with just a few easy steps.

Most Apple machines are set up with just one user that has full admin privileges and there is no limit to the damage that can be done when the admin user is infected. So the first step would be to set up a user for everyday tasks next to the admin account.

The easiest way to do this without having to redo all your configurations is to create a new user and give him admin rights. Then log into that new admin user and remove the admin rights from your day-to-day user. Done. You’ll have to provide the admin password when you want to make changes to the systems such as install software, but that’s a tiny hassle in return for the huge security improvement. This is also good advice for any user of Windows or Linux.

The second step you can take to protect your data in case of an infection is to use the Apple’s FileVault tool. This will encrypt the hard drive without a too big hit on the system performance. You might not even notice it, depending on which Mac you own.

“Normally there are ‘sudo’ password requirements, which work as a barrier, so the admin can’t gain root access without entering the correct password. However, rootpipe circumvents this,” said Emil Kvarnhammer.

Kvarnhammer said he found the bug while researching new flaws in Mac OS X for two presentation he had to do. By studying the code and trying to follow the same lines of thought the original programmer had, he discovered this new flaw. Truesec works with responsible disclosure and they have received a time-frame from Apple when they are allowed to tell us more about this flaw and how it works. This date wasn’t revealed either, but there is talk about a full-disclosure from Apple about the issue in January 2015. So the fix might not be an easy one, either that or they feel confident enough that no one else will find it before then.

Thanks to Macworld for providing us with this information 

Images courtesy of Macworld