Swedish Hacker Finds Serious Security Flaw in OS X Yosemite

Discussion in 'Mac / Hackintosh' started by SillySausage, Nov 4, 2014.

  1. SillySausage

    SillySausage Producer

    Joined:
    Jul 7, 2012
    Messages:
    2,612
    Likes Received:
    136
    Location:
    Uranus
    [​IMG]

    The white-hat hacker Emil Kvarmhammer from the Swedish security firm Truesec has found a serious security hole in Apple’s new OS X Yosemite. He dubbed the new vulnerability “rootpipe” and explains that it is a so-called privilege escalation vulnerability. This means that an attacker could get full root access without the need for any password and thereby take over the entire system.

    Kvarnhammer didn’t disclose any details about the flaw and this is of course to give Apple time to come up with a fix before it becomes widely abused on unsuspecting users. While the bad news is that there isn’t a fix yet, nor is there any real time frame for it. The good news is that you can limit the damage a potential attacker can cause you to almost zero with just a few easy steps.

    Most Apple machines are set up with just one user that has full admin privileges and there is no limit to the damage that can be done when the admin user is infected. So the first step would be to set up a user for everyday tasks next to the admin account.

    The easiest way to do this without having to redo all your configurations is to create a new user and give him admin rights. Then log into that new admin user and remove the admin rights from your day-to-day user. Done. You’ll have to provide the admin password when you want to make changes to the systems such as install software, but that’s a tiny hassle in return for the huge security improvement. This is also good advice for any user of Windows or Linux.

    The second step you can take to protect your data in case of an infection is to use the Apple’s FileVault tool. This will encrypt the hard drive without a too big hit on the system performance. You might not even notice it, depending on which Mac you own.

    “Normally there are ‘sudo’ password requirements, which work as a barrier, so the admin can’t gain root access without entering the correct password. However, rootpipe circumvents this,” said Emil Kvarnhammer.

    Kvarnhammer said he found the bug while researching new flaws in Mac OS X for two presentation he had to do. By studying the code and trying to follow the same lines of thought the original programmer had, he discovered this new flaw. Truesec works with responsible disclosure and they have received a time-frame from Apple when they are allowed to tell us more about this flaw and how it works. This date wasn’t revealed either, but there is talk about a full-disclosure from Apple about the issue in January 2015. So the fix might not be an easy one, either that or they feel confident enough that no one else will find it before then.


    Sources: http://www.eteknix.com/swedish-hacker-finds-serious-security-flaw-os-x-yosemite / http://www.macworld.com/article/2841965/swedish-hacker-finds-serious-vulnerability-in-os-x-yosemite.html
     
  2.  
  3. GodHimSelf

    GodHimSelf Platinum Record

    Joined:
    Jan 3, 2014
    Messages:
    300
    Likes Received:
    154
  4. KingSchlongXVII

    KingSchlongXVII Member

    Joined:
    Feb 5, 2014
    Messages:
    77
    Likes Received:
    11
    I'm so happy that I didn't upgrade from Mavericks just yet.... :thumbsup:
     
  5. ArticStorm

    ArticStorm Moderator Staff Member

    Joined:
    Jun 7, 2011
    Messages:
    8,584
    Likes Received:
    4,510
    Location:
    AudioSexPro
  6. Catalyst

    Catalyst Audiosexual

    Joined:
    May 28, 2012
    Messages:
    5,803
    Likes Received:
    805
    But isn't Apple the most secure thing since a bank vault? Oh wait that's just the sales pitch. :rofl:
     
  7. davea

    davea Platinum Record

    Joined:
    Sep 14, 2012
    Messages:
    602
    Likes Received:
    245
    Location:
    France
  8. xHitoKiri

    xHitoKiri Member

    Joined:
    Sep 8, 2013
    Messages:
    243
    Likes Received:
    9
    :bleh: apple can't get virus! Only windows!!! :rofl:
     
  9. OrganicSpaceRaisedMoonBeef

    OrganicSpaceRaisedMoonBeef Producer

    Joined:
    Dec 10, 2013
    Messages:
    466
    Likes Received:
    94
    Location:
    World 1, Scene 1
    Glad im still on 10.8.5. The last decent OS structure apple put out. Would do Yosemite if it didnt have the file structure foolishness of mavericks.
     
  10. korte1975

    korte1975 Guest

    1. steal a free linux distro
    2. add gay color schemes/icons.
    3. enclose it in iKea design
    4. charge $3000 for a $700 laptop
    5. wrap fake "save the world/love dolphins/everyone is equal/starbuck's coolness" ideology around it.
    -----------------
    welcome to the fucked up world of aPPLe
     
  11. Catalyst

    Catalyst Audiosexual

    Joined:
    May 28, 2012
    Messages:
    5,803
    Likes Received:
    805
    pro tools 10
    Yes! You deserve a gold star...but we're all out of those...how about some drugs instead? [​IMG]
     
  12. Alraun

    Alraun Member

    Joined:
    Sep 17, 2012
    Messages:
    415
    Likes Received:
    18
    I work with both Win and Mac for many years. Haven't had a single virus on Mac within this time period.
    How many security updates do we get from Microsoft in short steady intervals....?
    Acrid malicious-joy from windows users is inadequate. As the hyaenas.....

    Yosemite isn't worth upgrading for musicians. I haven't upgraded yet, but i shortly tested the new system on a separate partition.
    Too many troubles with not yet updated softwares. Even Logic doesn't work for many people.
    The design: flat. For IOS it might be o.k, but when you sit in front of a 27" monitor...
    Look at those numerous bad comments in App Store.. :snuf
     
  13. Catalyst

    Catalyst Audiosexual

    Joined:
    May 28, 2012
    Messages:
    5,803
    Likes Received:
    805
    Macs are less targeted by malware writers because very few people use them in comparison to Windows. I could say the same thing about Windows XP that I used for about a decade with no infections and on that OS that's really saying something. From a security standpoint Microsoft has surpassed Apple. Most exploits these days focus on third party products like Flash or Java to infect a computer when it used to be OS related. Personally I hate everything Apple stands for. Microsoft has it's share of bullshit but Apple just makes me sick. Right up there with Google vying for title of evilest corporation in the galaxy. :rofl:
     
  14. Alraun

    Alraun Member

    Joined:
    Sep 17, 2012
    Messages:
    415
    Likes Received:
    18
    Yes it's true. Microsoft got better in some aspects.

    However, i hate neither Apple nor Microsoft.
    I am grateful and take the best of both worlds.
    If none of those systems would exist, we couldn't meet here on AudioSex....
     
  15. Catalyst

    Catalyst Audiosexual

    Joined:
    May 28, 2012
    Messages:
    5,803
    Likes Received:
    805
    Touché. Leave it to Alraun to leave a thought provoking comment like that. :mates:
     
  16. Alraun

    Alraun Member

    Joined:
    Sep 17, 2012
    Messages:
    415
    Likes Received:
    18
    :mates: I could tell you at least one thing you shouldn't hate about Apple. Their OS as well as Logic isn't copy protected at all.
    Good for young musicians!
     
  17. Catalyst

    Catalyst Audiosexual

    Joined:
    May 28, 2012
    Messages:
    5,803
    Likes Received:
    805
    Yeah that's true. My problem with them concerning Logic is that it used to be cross-platform but they bought it from eMagic in 2002 and closed it off from Windows because that way they can sell more Macs. I would like to use it but I can't. This situation to me paints a picture of the kind of company Apple is and one of the reasons I disapprove of their ethics. They also donate very little to charity even though they make a shit ton of money.
     
  18. Guitarmaniac64

    Guitarmaniac64 Rock Star

    Joined:
    Jun 5, 2011
    Messages:
    1,376
    Likes Received:
    332
    So that is why my Mac Pro had 10 viruses that last time i runned a virus program it was so slow so i had to test if it was a Virus and guess what it had a virus not ONE but TEN.
    But believe what you will fanboy your so screwed
     
Loading...
Similar Threads - Swedish Hacker Finds Forum Date
Swedish House Mafia (more than you know) Percussion how to make "that" sound Jan 27, 2023
How to speed up synths or percussion? (like in 'One' Swedish House Mafia) how to make "that" sound Jan 31, 2017
Probably off any audio topic. (Gorm Swedish Storm 2015) Lounge Nov 30, 2015
Swedish Police Raid The Pirate Bay Site Offline Lounge Dec 10, 2014
Stradipad Free - Swedish Strings For Nebula Software News Sep 24, 2013
Loading...