It was announced this week that a serious vulnerability has been lurking within Apple's OS X Yosemite and may allow cybercriminals to gain root access to devices running the operating system.
The flaw is dubbed Rootpipe and was discovered by Swedish white-hat hacker Emil Kvarnhammar, a security analyst for TrueSec. While specific details about the flaw have not yet been made available, Kvarnhammar has shared that the vulnerability allows "privilege escalation from admin to root," and that Rootpipe is able to circumvent the usual password protections put in place on admin accounts. He suggested users switch to non-admin accounts until a fix is available.
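Because the flaw is described as starting from an admin account, the practical check is to know which local accounts are in the macOS admin group and whether the account used day to day is one of them. The script below is an added example, not from the article or from TrueSec; it assumes macOS `dscl`, whose `GroupMembership` line is parsed by a separate function so the parsing can be exercised on a constructed sample off a Mac.

```shell
#!/bin/sh
# Added example: audit membership of the macOS "admin" group (the starting
# privilege Rootpipe is reported to escalate from). Assumes macOS dscl; the
# parsing is separated so it can be checked against a constructed sample.

# Turn a "GroupMembership: root alice bob" line into one account per line.
parse_admin_members() {
    printf '%s\n' "$1" | sed 's/^GroupMembership: *//' | tr ' ' '\n' | sed '/^$/d'
}

# Return 0 if account $2 is listed in membership line $1 (exact match only).
is_admin_member() {
    parse_admin_members "$1" | grep -qxF -- "$2"
}

# Live audit on a Mac. Returns 1 when the current user is an admin.
audit_admins() {
    raw=$(dscl . -read /Groups/admin GroupMembership 2>/dev/null) || {
        echo "dscl not available; run this on macOS" >&2
        return 2
    }
    echo "Local admin accounts:"
    parse_admin_members "$raw" | sed 's/^/  /'
    if is_admin_member "$raw" "$(id -un)"; then
        echo "Current user $(id -un) is an admin; use a standard account for daily work."
        return 1
    fi
    echo "Current user $(id -un) is not an admin."
}

# Constructed sample of a dscl membership line, for reference and testing.
SAMPLE_MEMBERSHIP='GroupMembership: root alice bob'

# Only run the live audit where dscl exists (i.e. on macOS).
if command -v dscl >/dev/null 2>&1; then audit_admins; fi
```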
According to Business Insider contributor Sam Colt, the vulnerability affects users of multiple Apple OS versions, including Yosemite, Mavericks and Mountain Lion, and allows attackers to install malware, steal information or even erase victims' hard drives.
In an interview with Macworld, Kvarnhammar explained that he found the flaw while looking for a modern Mac vulnerability to demonstrate at a recent developers' conference in Sweden. He conducted some binary analysis and detected a flaw in the Mountain Lion OS. From there, Kvarnhammar found a way to bypass security measures within Mavericks and Yosemite as well. While Kvarnhammar is sticking to responsible disclosure guidelines – allowing the affected vendor at least 90 days to create a patch for the attack before details are released – he said that he was announcing the existence of the vulnerability so people would be aware it's out there and be on the lookout for a patch.
Fix for Rootpipe flaw may take a while
Apple has yet to publicly acknowledge the existence of Rootpipe, but that seems to be the company's standard procedure for vulnerabilities until a fix has been created. Kvarnhammar has said that he was asked to withhold the details he has about the flaw until January, suggesting that Apple will not be able to provide a patch for compromised systems until then.
It seems like a new system vulnerability is discovered every day, and as is evidenced by Apple's slow rollout of a Rootpipe patch, vendors can't always keep up with the security demands presented by the growing number of flaws. One way organizations can increase protection against insidious attacks is by implementing security information and event management (SIEM). SIEM services provide companies with around-the-clock monitoring of sensitive networks and systems and constantly record activity in order to identify any suspicious behavior that might suggest a breach. This activity information is then analyzed and used to gain actionable insights into the current threat landscape in order to create a more effective defense strategy. With a managed SIEM solution, companies can rest assured that someone is keeping an eye on business-critical systems and that any threats are detected quickly and effectively.