Apple still isn't protecting OS X Yosemite users from Rootpipe

Apple has failed to plug a significant security flaw in OS X Yosemite that leaves all Macs running the OS open to a vulnerability that can take over the whole machine.

First reported by Forbes, Patrick Wardle, a former NSA staffer who is now head of research at Synack, claims that he wrote code able to exploit the vulnerability despite Apple’s latest version of Yosemite that was supposed to have prevented it.

The Rootpipe vulnerability allows hackers to ramp up a user’s privileges to then make it more simple to take over an entire machine or alternatively spread malware across the whole system.

Wardle discovered that the extra access controls put in place by Apple in the latest update issued this month can still be bypassed and the former NSA staffer was able to connect to the vulnerable service before starting to overwrite files on his Mac.

“I was tempted to walk into the Apple store this [afternoon] and try it on the display models – but I stuck to testing it on my personal laptop (fully updated/patched) as well as my OS X 10.10.3 [virtual machine]. Both worked like a charm,” Wardle jokingly added.

When do we get our fix?

The attack code, which Wardle would not reveal, has been passed on to Apple in the hope that it comes up with a fix for the bug that cannot be bypassed, however, that could take some time if its history with Rootpipe is taken into account.

Apple was first informed of the Rootpipe back door in October 2014 and, even though it planned to issue a fix in January, the update didn’t actually arrive until April and as we’ve seen it doesn’t seem to have done the job.