Hacker finds 'serious' vulnerability in OS X Yosemite

iRoRo · Oct 31, 2014

Heads up on this article found today for OSX 10.10 users.

http://www.macworld.com/article/284...s-serious-vulnerability-in-os-x-yosemite.html

simonsi · Oct 31, 2014

https://www.youtube.com/watch?v=fCQg2I_pFDk

Truce's own material states up to Beta 6 affected but doesn't confirm the General release is affected....?

He states: "there are ways to protect against rootpipe and enhance the security of your Mac generally. Step one is to make sure youre not running the system on a daily basis with an admin accountthat is, one that has admin privileges."

So it seems to need an account running that already has admin rights???

grahamperrin · Nov 1, 2014

Please clarify the observation of what was read

Macworld states that the vulnerability "… affects the newest OS X release, version 10.10".

simonsi said:
… doesn't confirm the General release is affected....? …

Does your question mean that you cannot tell – from the video and/or Truce's material – whether anyone other than Magnus Aschan (Macworld) associates the vulnerability with the released build of the operating system?

Please summarise/clarify – thanks.

----

Side note: if it's the same type of vulnerability that I reported to Apple, which affected multiple releases of the operating system at the time, it's feasible that what I reported could be used for escalation of privileges. If I recall correctly: when I last tested, a few months before WWDC 2014, it did affect Mavericks. In the Macworld article I see "…tried on 10.9 but with no luck. …" but that's not definitive enough for me to tell whether it's different from what I reported (and I don't expect Emil Kvarnhammar to divulge further details – responsible disclosure, and so on). I don't plan to test the released build of 10.10 – sorry.

simonsi · Nov 1, 2014

grahamperrin said:
Does your question mean that you cannot tell from the video and/or Truce's material whether anyone other than Magnus Aschan (Macworld) associates the vulnerability with the released build of the operating system?

Please summarise/clarify thanks.

Truce's page with the video only refer's to Beta 6, it doesn't mention the release build at all either way, shame as I was hoping that was a more direct source.

iRoRo · Nov 2, 2014

Given the published date and time on macworld (Oct 31, 2014 10:14 AM) and the following statement:

'It affects the newest OS X release, version 10.10, known as Yosemite. Apple hasnt fixed the flaw yet, he says, so Truesec wont provide details yet of how it works.'

I would think it's for the current final version as well as the beta's prior to it.

simonsi · Nov 2, 2014

iRoRo said:
Given the published date and time on macworld (Oct 31, 2014 10:14 AM) and the following statement:

'It affects the newest OS X release, version 10.10, known as Yosemite. Apple hasnt fixed the flaw yet, he says, so Truesec wont provide details yet of how it works.'

I would think it's for the current final version as well as the beta's prior to it.

Yes but the media and Truesec have a vested interest in it "affecting the latest release", it would be nice if they confirmed it either way. As they specifically listed Beta 6 but no further it leaves it in doubt whether Apple may already have fixed the issue or it may effectively give us the release of 10.10.1....

Search

Search

Hacker finds 'serious' vulnerability in OS X Yosemite

iRoRo

macrumors regular

simonsi

Contributor

grahamperrin

macrumors 601

simonsi

Contributor

iRoRo

macrumors regular

simonsi

Contributor

Our Staff