Rootpipe vulnerability still affects Macs despite patch

SecurityIconXDespite having issued an update that patches the recent security flaw in OS X called “rootpipe,” security researchers are demonstrating that OS X is still open to this ongoing vulnerability. Rootpipe is a backdoor flaw in OS X where a hacker can break the OS X sandboxing rules that isolate running processes. In doing so, a program that does not have admin access can gain these privileges and get full root privileges to the system.

This flaw was initially discovered by security researcher Emil Kvarnhammer, and while initially not addressed by Apple, a patch was finally included in the last bout of updates. The patch did fix one mode of exploit for this flaw, but unfortunately does not go far enough to close it off. As found by security researcher Patrick Wardle, a “novel, yet trivial way for a local user to re-abuse rootpipe” exists, even on a fully patches system running OS X 10.10.3.

Wardle has posted his findings on his personal blog, but has not revealed the specifics of this new mode of attack. As such, this vulnerability is likely not something to worry about as an active exploit, especially if your Mac is only used by people you trust. Apple has been notified of the new flaw, and as with any security risks, a patch should be out soon in the form of a security or OS update.

While this vulnerability does exist, you can take some steps to help protect your system, by turning on the various security features of OS X, including FileVault full disk encryption, and using a standard non-admin user account for daily activities.