[MacTUG] Researcher: OS X 'Rootpipe' attack fix not reliable, attacks possible | MacNN
Marlon A. Griffith
m3griffi at uwaterloo.ca
Mon Apr 20 10:22:41 EDT 2015
Read whole article for discussion of issue and a link to how easy it would be to fix for Mavericks.
"""
Researchers from security firm Synack have determined that Apple's latest patch for the "Rootpipe" privilege escalation flaw remain mostly unfixed, even on OS X 10.10 "Yosemite." Ex-NSA staff member Patrick Wardle examined the new patch, and found a new path around Apple's security fix, leaving the computer unprotected from hostile users with physical access. In other developments, the malware is loose in the wild and has been for some time, but is a discrete app and still not a remote attack.
http://www.macnn.com/articles/15/04/19/yosemite.only.patch.seemingly.does.little.to.mitigate.rootpipe.based.attacks/
"""
'How to fix rootpipe in Mavericks and call Apple’s bullshit bluff about rootpipe fixes,' https://reverse.put.as/2015/04/13/how-to-fix-rootpipe-in-mavericks-and-call-apples-bullshit-bluff-about-rootpipe-fixes/.
More information about the MacTUG
mailing list