Recent Exploit Targeting OS X 10.10.2 and Older

[ATTN: System administrators of OS X]

An exploit affecting OS X was recently announced, and users should be aware of it.

The exploit affects OS X 10.10.2 and older.

Users are encouraged to update to 10.10.3 as soon as possible.

OS X 10.9.x and older versions remain vulnerable, and it is not clear whether Apple will patch these versions.

DETAILS

The Admin framework in Apple OS X contains a hidden backdoor API that grants root privileges. This API can be exploited to escalate privileges to root from any user account on the system.

While this is not remotely exploitable, it is possible to combine a remote exploit with this attack.

RESPONSE

Please upgrade as soon as possible. If you are running an unsupported version of OS X, you are encouraged to remove it from the campus network or take action to isolate the system. The Information Security Office can provide guidance, as needed. Network quarantines are not currently planned, but this may change as the situation evolves (e.g., new packaged remote exploits become available).
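
For administrators with more than a few Macs, the version guidance above can be applied to an inventory list with a short shell script. This is an added example, not part of the original advisory; the action labels, function names, and sample hostnames are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: triage OS X versions against this advisory's guidance.
# Labels (ok / update / upgrade-or-isolate / unknown) are this example's own.

classify_osx() {
    ver=$1
    # Accept only dotted numeric versions such as 10.9 or 10.10.2.
    case $ver in
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ver            # split on dots into $1 $2 $3
    IFS=$old_ifs
    major=$1; minor=${2:-0}; patch=${3:-0}

    if [ "$major" -gt 10 ]; then echo ok
    elif [ "$major" -lt 10 ]; then echo upgrade-or-isolate
    elif [ "$minor" -gt 10 ]; then echo ok
    elif [ "$minor" -lt 10 ]; then echo upgrade-or-isolate   # 10.9.x and older
    elif [ "$patch" -ge 3 ]; then echo ok                     # 10.10.3 or newer
    else echo update                                          # 10.10.0 - 10.10.2
    fi
}

# Read "hostname version" lines on stdin, print "hostname version action".
triage_inventory() {
    while read -r host ver; do
        [ -n "$host" ] || continue
        printf '%s %s %s\n' "$host" "$ver" "$(classify_osx "$ver")"
    done
}

# Constructed sample inventory (hostnames are made up).
sample_inventory() {
    cat <<'EOF'
lab-imac-01 10.10.2
lab-imac-02 10.10.3
kiosk-mini-07 10.9.5
render-pro-03 10.8
EOF
}

sample_inventory | triage_inventory

# On a Mac, check the local system as well.
if command -v sw_vers >/dev/null 2>&1; then
    local_ver=$(sw_vers -productVersion)
    echo "this host: $local_ver $(classify_osx "$local_ver")"
fi
```

Systems reported as "update" should go to 10.10.3; those reported as "upgrade-or-isolate" fall under the unsupported-version guidance above.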

 

REFERENCE

https://threatpost.com/older-versions-of-os-x-remain-vulnerable-to-rootpipe-hidden-backdoor-api/112105

Please contact the ISO (security@utexas.edu) if you have any questions or concerns.

 

Thanks,

  ~cam.