A SECURITY RESEARCHER in Sweden has found a serious vulnerability in Apple's Mac OS X 10.10 Yosemite operating system that could let an attacker take complete control of a system.
Swedish white hat hacker Emil Kvarnhammar's revelation of the flaw in Yosemite was first reported by Macworld.
The privilege escalation vulnerability could allow a hacker to gain the highest-level 'root' access to a Yosemite system.
Kvarnhammar, a researcher at Swedish security firm Truesec, has called the vulnerability 'rootpipe', suggesting that it uses the BSD Unix command line pipe function or the operating system's internal network pipe facility, or both, to gain full control privileges.
The researcher declined to reveal details about how the vulnerability works because Apple hasn't fixed it yet. He said that Truesec informed Apple of the flaw immediately.
Kvarnhammar did, however, talk about how he found the bug, which also exists in older versions of Mac OS X in slightly different forms.
"It all started when I was preparing for two security events, one in Stockholm and one in Malmö," he said.
"I wanted to show a flaw in Mac OS X but relatively few have been published. There are a few 'proof of concepts' online, but the latest I found affected the older 10.8.5 version of OS X. I couldn't find anything similar for 10.9 or 10.10."
Kvarnhammar kept looking. "I started looking at the admin operations and found a way to create a shell with root privileges," he said. "It took a few days of binary analysis to find the flaw, and I was pretty surprised when I found it."
He looked at Mac OS X 10.9 and didn't find the same vulnerability, but he persevered and found the same kind of flaw in Mac OS X 10.10 Yosemite.
"I was a bit dejected but continued to investigate. There were a few small differences [in later releases] but the architecture was the same," Kvarnhammar explained.
"With a few modifications I was able to use the vulnerability in the latest Mac OS X, version 10.10."
Kvarnhammar said that the Yosemite 'rootpipe' vulnerability is scheduled to be disclosed in January 2015, after Apple patches the flaw and Mac users presumably get a little time to update their systems.