Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Hacker finds 'serious' vulnerability in OS X Yosemite

https://www.youtube.com/watch?v=fCQg2I_pFDk

Truce's own material states up to Beta 6 affected but doesn't confirm the General release is affected....?

He states: "there are ways to protect against rootpipe and enhance the security of your Mac generally. Step one is to make sure you’re not running the system on a daily basis with an admin account—that is, one that has admin privileges."

So it seems to need an account running that already has admin rights???
 
Please clarify the observation of what was read

Macworld states that the vulnerability "… affects the newest OS X release, version 10.10".

simonsi said:
… doesn't confirm the General release is affected....? …
Click to expand...

Does your question mean that you cannot tell – from the video and/or Truce's material – whether anyone other than Magnus Aschan (Macworld) associates the vulnerability with the released build of the operating system?

Please summarise/clarify – thanks.

----

Side note: if it's the same type of vulnerability that I reported to Apple, which affected multiple releases of the operating system at the time, it's feasible that what I reported could be used for escalation of privileges. If I recall correctly: when I last tested, a few months before WWDC 2014, it did affect Mavericks. In the Macworld article I see "…tried on 10.9 but with no luck. …" but that's not definitive enough for me to tell whether it's different from what I reported (and I don't expect Emil Kvarnhammar to divulge further details – responsible disclosure, and so on). I don't plan to test the released build of 10.10 – sorry.
 
Last edited:
grahamperrin said:
Does your question mean that you cannot tell – from the video and/or Truce's material – whether anyone other than Magnus Aschan (Macworld) associates the vulnerability with the released build of the operating system?

Please summarise/clarify – thanks.
Click to expand...

Truce's page with the video only refer's to Beta 6, it doesn't mention the release build at all either way, shame as I was hoping that was a more direct source.
 
Given the published date and time on macworld (Oct 31, 2014 10:14 AM) and the following statement:

'It affects the newest OS X release, version 10.10, known as Yosemite. Apple hasn’t fixed the flaw yet, he says, so Truesec won’t provide details yet of how it works.'

I would think it's for the current final version as well as the beta's prior to it.
 
iRoRo said:
Given the published date and time on macworld (Oct 31, 2014 10:14 AM) and the following statement:

'It affects the newest OS X release, version 10.10, known as Yosemite. Apple hasn’t fixed the flaw yet, he says, so Truesec won’t provide details yet of how it works.'

I would think it's for the current final version as well as the beta's prior to it.
Click to expand...

Yes but the media and Truesec have a vested interest in it "affecting the latest release", it would be nice if they confirmed it either way. As they specifically listed Beta 6 but no further it leaves it in doubt whether Apple may already have fixed the issue or it may effectively give us the release of 10.10.1....
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back