Migrate Your Mac To OS X Yosemite 10.10.3 Immediately To Avoid Root Backdoor
"The admin framework in Apple OS X contains a hidden backdoor API to root privileges [that] can be exploited to escalate privileges to root from any user account in the system," Kvarnhammar says in an advisory. "The intention was probably to serve the System Preferences app and systemsetup command-line tool, but any user process can use the same functionality. This is a local privilege escalation to root, which can be used locally or combined with remote code execution exploits."
At this point Rootpipe is a proof-of-concept developed by Kvarnhammar, and there have been no accounts of the vulnerability being leveraged in the wild. Kvarnhammar has published exploit code ahead of a talk he will give on May 28 at Security Conference in Stockholm next month, though, and enough information will be available following that event to allow smartie transgressors galore to put together their own versions of Rootpipe.
Though Yosemite is a free upgrade for anyone with a Mac capable of running the operating system (most iMacs and MacBook variations dating from mid-2007 or later), it is known to slow down some older systems and for that reason many owners of such systems have opted not to upgrade. In the face of a vulnerability such as Rootpipe and its cousins sure to come, however, these users — as well as users of more recent systems who have decided to stick with earlier iterations of OS X — will want to make the move to Yosemite. And fast.