Backporting fix for Rootpipe privilege issue too much for Apple
A bug residing in the Admin framework of OS X since 2011 that can allow for privilege escalation for the root user will not be fixed except in the most current release of OS X, Swedish security researcher Emil Kvarnhammar of TrueSec has said.
"Apple indicated that this issue required a substantial amount of changes on their side, and that they will not back port the fix to 10.9.x and older," Kvarnhammar said in a blog post explaining how he found the security hole.
"Our recommendation to all OS X users out there: Upgrade to 10.10.3 (or later)."
Dubbed Rootpipe, the issue involves the use of API call, which Kvarnhammar said is likely to exist to service OS X's preferences application and systemsetup command, which does not check any access privileges, and is thus open to any user process.
"This is a local privilege escalation to root, which can be used locally or combined with remote code execution exploits," he said.
Kvarnhammar said that although he found the exploit in early October, the first Apple OS X release to fix it was this week's OS X 10.10.3 release. At one point, TrueSec and Apple agreed to delay the issue's disclosure date due to the amount of work needed in OS X to fix it.
Knowledge of Rootpipe first appeared in November, with a video published showing the exploit in action.
Since the release of OS X 10.10 Yosemite in October last year, user adoption of the new operating system was swift, with recent statistics having its usage sitting at just over 50 percent of all Mac users.