A relatively long-standing vulnerability in OS X has been uncovered by a Swedish hacker, Emil Kvarnhammar, who has dubbed it “rootpipe” after the so-far undisclosed method by which it can be used to take control of your Mac. The flaw allows a hacker to gain administrative access to a system without supplying a password, and then to interact with your Mac as an administrator.
In an interview with MacWorld, Kvarnhammar describes this bug as having been present in OS X 10.8.5, but he was not able to replicate it in 10.9; however, Apple has shuffled around its code in OS X 10.10 so the bug again allows access.
In contacting Apple about the issue, Kvarnhammar did not get a response; however, Apple has agreed upon a date in January for full disclosure of the vulnerability’s details, suggesting Apple has indirectly acknowledged the issue and is developing a fix to be out by then.
In the meantime, this and other privilege-escalation vulnerabilities can be managed by taking two important security steps with your Mac:
Use a standard user account
When you set up your Mac, the first user account created will be an administrative one so you can fully configure your system; however, Apple leaves you with this as your main account, instead of requiring you to create a separate user account with more limited privileges for daily use. By working in an admin account, you chance encountering vulnerabilities that could give access to your system under this account’s privilege level, and by limiting yourself to a standard account you can help stem such vulnerabilities.
The process for switching to a standard account for daily use is easy and painless:
- Open the Users & Groups system preferences and authenticate by clicking the lock.
- Create a new user account, and check the box to allow the user to administer the computer.
- Log out of your current account, and log into the new administrator account.
- Go back to the Users & Groups system preferences and again unlock them.
- Select your main user account and uncheck the option to allow the user to administer the computer.
From within your new administrative account, uncheck this box for your other user accounts to prevent them from running as admin.
When finished, you can log out and back into your main account, and be able to use it as if there is no difference. Now whenever you need to administer your system by installing programs or changing settings that require admin access, you will supply the username and password of your new admin account, instead of that for your current account. This is a trivial difference in function, but does allow your Mac to run with added security.
In addition to running as a standard user, consider enabling FileVault on your Mac. This is another recommendation by Kvarnhammar for preventing the “rootpipe” vulnerability from being used. In general, it is also a good idea, especially for portable systems, to have the entire contents of the drive encrypted. This will prevent a system from being rebooted in alternative modes to bypass the operating system’s security features and access data on the drive. Without the encryption password, the data on your Mac’s drive will be completely inaccessible.
Click this button in the Security & Privacy system preferences to enable FileVault.
FileVault can be enabled by authenticating in the Security & Privacy system preferences, and then clicking the “Turn On FileVault” button in the FileVault tab. Follow the on-screen instructions for managing your encryption key and enabling specific user accounts for unlocking the drive. Once encryption finishes (it may take a few hours), your Mac’s drive will be fully encrypted.
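To confirm that both steps above took effect (the daily account is no longer an administrator, and FileVault is on), the following check can be run in Terminal. It is an added example, not part of the original article; it assumes the usual output of `dscl . -read /Groups/admin GroupMembership` and `fdesetup status`, and the account names and sample output in it are constructed.

```shell
#!/bin/sh
# Added example: audit the two mitigations described in this article.
# The parsing functions take command output as arguments so they can be
# checked against constructed sample text as well as a live Mac.

# is_admin USER MEMBERSHIP
# MEMBERSHIP is the output of: dscl . -read /Groups/admin GroupMembership
# (assumed format: "GroupMembership: root name1 name2")
is_admin() {
    user=$1
    members=${2#GroupMembership:}       # drop the label, keep the short names
    for m in $members; do               # whole-word match, so "ali" != "alice"
        [ "$m" = "$user" ] && return 0
    done
    return 1
}

# filevault_on STATUS
# STATUS is the output of: fdesetup status (assumed to start "FileVault is On.")
filevault_on() {
    case $1 in
        "FileVault is On."*) return 0 ;;
        *) return 1 ;;                  # Off, or anything unrecognised
    esac
}

# audit USER MEMBERSHIP STATUS: prints findings, returns how many there were.
audit() {
    findings=0
    if is_admin "$1" "$2"; then
        echo "FINDING: '$1' is in the admin group; use a standard account daily"
        findings=$((findings + 1))
    fi
    if ! filevault_on "$3"; then
        echo "FINDING: FileVault is not reported as on"
        findings=$((findings + 1))
    fi
    return "$findings"
}

if command -v dscl >/dev/null 2>&1 && command -v fdesetup >/dev/null 2>&1; then
    # Live check of the logged-in account (fdesetup may need sudo on some versions).
    audit "$(id -un)" "$(dscl . -read /Groups/admin GroupMembership)" \
          "$(fdesetup status 2>&1)" || echo "$? finding(s)"
else
    # Not on a Mac: constructed sample where neither step has been done.
    audit alice "GroupMembership: root alice macadmin" "FileVault is Off." \
        || echo "$? finding(s)"
fi
```

No output from the live check means both mitigations are in place for the account you are logged in as; run it from your daily account, not the new admin one.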