Apple Releases ‘Rootpipe’ Patch

Apple released a software patch this past week to address a security hole created by a hidden backdoor API known as Rootpipe. Rootpipe was discovered in October of 2014. It leaves a vulnerability in OS X that has existed since at least release 10.7. The API can be exploited to gain root privileges.

A patch has been released this past week to address the issue. Latest updates to the OS X operating system will include this patch. However, Apple will not be releasing a patch for any system running below version 10.10. Of three billion internet users NetMarketShare data shows that around 3.1 percent of them are using Mac OS versions with the vulnerability, 10.7/8/9 that will not be patched. Forbes estimates that conservatively this will mean that two percent of three billion internet users will remain vulnerable to the exploit, around sixty million computers.

Although the vulnerability was discovered last October it has been part of Mac OS X since 2011 when version 10.7 was originally released. Mac users should update their software as soon as possible to patch this as well as around eighty other security issues.

Jacob R Hooker

Edit: An earlier version of this article misstated the world’s estimated three billion internet users as Mac users and has been updated to correct the error.

Source:

http://www.forbes.com/sites/thomasbrewster/2015/04/09/apple-leaves-rootpipe-backdoors-in-3-per-cent-of-all-pcs-on-the-planet/?ss=Security

http://www.securityweek.com/apple-finally-patches-%E2%80%9Crootpipe%E2%80%9D-privilege-escalation-flaw-os-x

 

Advertisements