The backdoor named Rootpipe has existed since 2011, and Apple had released the OS X 10.10.3 update last week to fix it. The company was informed about the backdoor in October last year, but it took its own sweet time to fix it.
However, as discovered by an ex-NSA staffer, Patrick Wardle, the exploit still works, and is capable of giving hacker root access on the system. Apple has put in additional steps to stop the attack in OS X10.10.3, but Wardle was still able to use the backdoor to gain root access on his machine.
“I was tempted to walk into the Apple store this [afternoon] and try it on the display models – but I stuck to testing it on my personal laptop (fully updated/patched) as well as my OS X 10.10.3 [virtual machine]. Both worked like a charm,†Wardle told FORBES over email. In a blog post, he’d said his exploit was “a novel, yet trivial way for any local user to re-abuse Rootpipeâ€.
So what do you think guys ?
[Source]
