Rootpipe

Rootpipe is a security vulnerability found in some versions of OS X that allows privilege escalation whereby a user with administrative rights, or a program executed by an administrative user, can obtain superuser (root) access. This is considered problematic as the first user account created under OS X is furnished with administrator rights by default.[1] By leveraging other security vulnerabilities on a system, such as an unpatched web browser, rootpipe could be used by an attacker to help gain complete control of the operating system.[1]

Emil Kvarnhammar of TrueSec, a security firm credited with the discovery, says that he found the vulnerability after several days of binary analysis. He recommends creating an account without administrative privileges to be used for normal everyday work and using FileVault.[1]

An older exploit for the same issue was later published on exploit-db,[2] suggesting the issue dates back to June 2010. It appears the exploit was used by the author during a presentation on Trusteer Rapport at 44CON 2011.[3]

The vulnerability was reported to Apple Inc. in October 2014,[4] and has been reported as present in OS X versions 10.7.5, 10.8.2, 10.9.5 and 10.10.2.[5] OS X 10.10.3 was officially designated as patched by Apple, but Kvarnhammar (crediting Patrick Wardle) has blogged that the vulnerability is still present in that version.[6][7] On 1 July 2015, Kvarnhammar noted that additional restrictions had been introduced in OS X 10.10.4, adding in a comment two days later that he believed the then-current versions of OS X 10.9 (with Security Update 2015-005) and 10.10 to be safe from the exploit.[8]

In November 2017, a similar vulnerability was revealed which allowed logging in as root with no password.[9]

References

  1. Nadine Juliana Dressler (3 November 2014). "Achtung vor Rootpipe: Super-User-Rechte ohne Passwort am Mac".
  2. "Apple Mac OSX < 10.9/10 - Privilege Escalation". exploit-db. 13 April 2015.
  3. "Trusteer Rapport, Neil Kettle - 44CON 2011". YouTube. 23 October 2011.
  4. "Swedish hacker finds 'serious' vulnerability in OS X Yosemite". Macworld. 31 October 2014.
  5. Fabian Scherschel (18 April 2015). "Root-Lücke in OS X". C't. 2015 (10). Heise: 49.
  6. "OS X 10.10.3 still vulnerable". 21 April 2015.
  7. Krystle Vermes (21 April 2015). "Rootpipe continues: Former NSA staffer finds Mac vulnerability - Digital Trends". Digital Trends.
  8. "Exploiting rootpipe again". July 2015.
  9. "Apple rushes to fix major password bug". BBC News. 29 November 2017.

Content Disclaimer

This information is summarized from Wikipedia and presented again for educational purposes. The content is available under the CC BY-SA 3.0 license. We are not responsible for inaccuracies in data sourced from those public contributions.
