Apple must have fixed a huge number of security vulnerabilities in OS X and iTunes, but it would have not imagined that its newer version OS X Yosemite will too face security flaw. A security flaw named ‘Rootpipe’ has been discovered in the Apple’s latest Mac OS X Yosemite by a Swedish Security researcher – Emil Kvarnhammar.
If you are running the latest Mac OS X, it is suggested not to run your computer using the administrative privileges. The security vulnerability in the OS X not only makes the hackers eligible enough to escalate the administrative privileges on compromised machines, but also allow them to gain higher level of access on machines, termed as root access.
By exploiting the security flaw on the Mac OS X Yosemite, the hackers automatically get the power to bypass all the security mechanisms applied to keep them at bay.
Consequence of security flaw exploitation
The consequence of security exploitation of Mac OS X Yosemite is seriously threatening. Once the hacker is able to exploit the security flaw, the entire machine is opened up for him to carry out his nefarious acts. Here is the list of things a hacker can do after exploiting the security flaw:
- The most deadly act- can install malicious software.
- Alter the entire setting of your computer without the need of any password.
- Steal victim’s sensitive information, such as passwords, bank account details etc.
- Last, they could even format your entire computer, removing all your important data from your own computer.
These are the consequences that you as a user can come across if the security flaw – Rootpipe is exploited.
When the security researcher Emil Kvarnhammar disclosed about the security flaw to Apple, he received cold response from their end. However, when Emil provided Apple the detailed research work over the security flaw, Apple asked him and TrueSec not to disclose until next January as the brand needs some time to prepare a security patch.
Emil Kvarnhammar said, “The current agreement with Apple is to disclose all details in mid-January 2015. This might sound like a long wait, but hey, time flies. It’s important that they have time to patch, and that the patch is available for some time.”
How to Stay Protected from Rootpipe?
Apple has not yet acknowledged the issue, but if you are running the newer version of OS X or a version prior to Mavericks, you are highly vulnerable to this exploit. It is not meant to scare you, but to make you more careful about the security threats and how you can stay protected. Take a look:
- Avoid running your computer on daily basis using admin privileges.
- Use volume encryption Apple’s FileVault tool to provide the best security to your hard drive.
Notably, Emil Kvarnhammar tested the bug on OS X 10.8, 10.9 and 10.10 and found that the bug existed since at least 2012 or probably before that.