Rootpipe

Rootpipe is a security vulnerability found in some versions of OS X that allows privilege escalation whereby a user with administrative rights, or a program executed by an administrative user, can obtain superuser (root) access. This is considered problematic as the first user account created under OS X is furnished with administrator rights by default. By leveraging other security vulnerabilities on a system, such as an unpatched web browser, rootpipe could be used by an attacker to help gain complete control of the operating system.

Emil Kvarnhammar of TrueSec, a security firm credited with the discovery, says that he found the vulnerability after several days of binary analysis. He recommends creating an account without administrative privileges to be used for normal everyday work and using FileVault.

An older exploit for the same issue was later published on exploit-db, suggesting the issue dates back to June 2010. It appears the exploit was used by the author during a presentation on Trusteer Rapport at 44con 2011.

The vulnerability was reported to Apple Inc. in October 2014, and has been reported as present in OS X versions 10.7.5, 10.8.2, 10.9.5 and 10.10.2. OS X 10.10.3 was officially designated as patched by Apple, but Kvarnhammar (crediting Patrick Wardle) has blogged that the vulnerability is still present in that version. On 1 July 2015, Kvarnhammar noted that additional restrictions had been introduced in OS X 10.10.4, adding in a comment two days later that he believed the then-current versions of OS X 10.9 (with Security Update 2015-005) and 10.10 to be safe from the exploit. In November 2017, a similar vulnerability was revealed which allowed logging in as root with no password.

