Apple fails to fix back-door API in OS X 10.10.3

April 21, 2015 // 1:03 p.m.

Tags: #api #back-door #backdoor #emil-kvarnhammar #insecurity #mac-os #os-x #pheonix #security #vulnerability

Companies: #apple

A security researcher has claimed Apple's recently-released fix for the Rootpipe backdoor, bundled in OS X 10.10.3, fails to resolve the underlying issue - leaving all OS X systems still vulnerable to attack.

The Rootpipe flaw was first disclosed by security searcher Emil Kvarnhammar, who released public details earlier this month following the release of OS X 10.10.3 with a patch for the flaw. Versions of OS X prior to 10.10.3, Kvarnhammar explained, feature a back-door application programming interface (API) designed to make management of the system easier for non-technical users - but, unfortunately, allowing trivial privilege escalation by any program running on the system to gain administrator-level access permissions.

Known to affect OS X versions going back to at least 2011 and potentially considerably earlier, Apple worked on a patch after being alerted to the problem by Kvarnhammar back in October last year. OS X 10.10.2 was supposed to fix the flaw but didn't, and now it's being claimed that 10.10.3 fails to do the job as well.

Security researcher Patrick Wardle has published evidence that Rootpipe is still exploitable on a fully-patched OS X 10.10.3 installation, dubbing his 'novel, yet trivial' modification to Kvarnhammar's work Pheonix. 'I[n] the spirit of responsible disclosure, (at this time), I won't be providing the technical details of the attack (besides of course to Apple),' Wardle wrote above a video demonstration of the attack. 'However, I felt that in the meantime, OS X users should be aware of the risk.'

Apple has not publicly responded to Wardle's claims of continued vulnerability.
Discuss this in the forums

QUICK COMMENT

Week in review

WEEK IN REVIEW

TOP STORIES

SUGGESTED FOR YOU