The white-hat hacker Emil Kvarmhammer from the Swedish security firm Truesec has found a serious security hole in Apple’s new OS X Yosemite. He dubbed the new vulnerability “rootpipe” and explains that it is a so-called privilege escalation vulnerability. This means that an attacker could get full root access without the need for any password and thereby take over the entire system.

Kvarnhammer didn’t disclose any details about the flaw and this is of course to give Apple time to come up with a fix before it becomes widely abused on unsuspecting users. While the bad news is that there isn’t a fix yet, nor is there any real time frame for it. The good news is that you can limit the damage a potential attacker can cause you to almost zero with just a few easy steps.

Most Apple machines are set up with just one user that has full admin privileges and there is no limit to the damage that can be done when the admin user is infected. So the first step would be to set up a user for everyday tasks next to the admin account.

The easiest way to do this without having to redo all your configurations is to create a new user and give him admin rights. Then log into that new admin user and remove the admin rights from your day-to-day user. Done. You’ll have to provide the admin password when you want to make changes to the systems such as install software, but that’s a tiny hassle in return for the huge security improvement. This is also good advice for any user of Windows or Linux.

The second step you can take to protect your data in case of an infection is to use the Apple’s FileVault tool. This will encrypt the hard drive without a too big hit on the system performance. You might not even notice it, depending on which Mac you own.

“Normally there are ‘sudo’ password requirements, which work as a barrier, so the admin can’t gain root access without entering the correct password. However, rootpipe circumvents this,” said Emil Kvarnhammer.

Kvarnhammer said he found the bug while researching new flaws in Mac OS X for two presentation he had to do. By studying the code and trying to follow the same lines of thought the original programmer had, he discovered this new flaw. Truesec works with responsible disclosure and they have received a time-frame from Apple when they are allowed to tell us more about this flaw and how it works. This date wasn’t revealed either, but there is talk about a full-disclosure from Apple about the issue in January 2015. So the fix might not be an easy one, either that or they feel confident enough that no one else will find it before then.


Sources: http://www.eteknix.com/swedish-hacker-finds-serious-security-flaw-os-x-yosemite / http://www.macworld.com/article/2841965/swedish-hacker-finds-serious-vulnerability-in-os-x-yosemite.html

 

Yowza

 

I'm so happy that I didn't upgrade from Mavericks just yet....

 

But isn't Apple the most secure thing since a bank vault? Oh wait that's just the sales pitch.

 

apple can't get virus! Only windows!!!

 

Glad im still on 10.8.5. The last decent OS structure apple put out. Would do Yosemite if it didnt have the file structure foolishness of mavericks.

 

1. steal a free linux distro
2. add gay color schemes/icons.
3. enclose it in iKea design
4. charge $3000 for a $700 laptop
5. wrap fake "save the world/love dolphins/everyone is equal/starbuck's coolness" ideology around it.
-----------------
welcome to the fucked up world of aPPLe

 

pro tools 10
Yes! You deserve a gold star...but we're all out of those...how about some drugs instead?

 

I work with both Win and Mac for many years. Haven't had a single virus on Mac within this time period.
How many security updates do we get from Microsoft in short steady intervals....?
Acrid malicious-joy from windows users is inadequate. As the hyaenas.....

Yosemite isn't worth upgrading for musicians. I haven't upgraded yet, but i shortly tested the new system on a separate partition.
Too many troubles with not yet updated softwares. Even Logic doesn't work for many people.
The design: flat. For IOS it might be o.k, but when you sit in front of a 27" monitor...
Look at those numerous bad comments in App Store.. :snuf

 

Macs are less targeted by malware writers because very few people use them in comparison to Windows. I could say the same thing about Windows XP that I used for about a decade with no infections and on that OS that's really saying something. From a security standpoint Microsoft has surpassed Apple. Most exploits these days focus on third party products like Flash or Java to infect a computer when it used to be OS related. Personally I hate everything Apple stands for. Microsoft has it's share of bullshit but Apple just makes me sick. Right up there with Google vying for title of evilest corporation in the galaxy.

 

Yes it's true. Microsoft got better in some aspects.

However, i hate neither Apple nor Microsoft.
I am grateful and take the best of both worlds.
If none of those systems would exist, we couldn't meet here on AudioSex....

 

Touché. Leave it to Alraun to leave a thought provoking comment like that.

 

I could tell you at least one thing you shouldn't hate about Apple. Their OS as well as Logic isn't copy protected at all.
Good for young musicians!

 

Yeah that's true. My problem with them concerning Logic is that it used to be cross-platform but they bought it from eMagic in 2002 and closed it off from Windows because that way they can sell more Macs. I would like to use it but I can't. This situation to me paints a picture of the kind of company Apple is and one of the reasons I disapprove of their ethics. They also donate very little to charity even though they make a shit ton of money.

 

So that is why my Mac Pro had 10 viruses that last time i runned a virus program it was so slow so i had to test if it was a Virus and guess what it had a virus not ONE but TEN.
But believe what you will fanboy your so screwed