A relatively long-standing vulnerability in OS X has been uncovered by a Swedish hacker, Emil Kvarnhammar, who has dubbed it “rootpipe” by the so-far undisclosed method in which it can be used to take control of your Mac. In this vulnerability, a flaw allows a hacker to gain administrative access of a system without supplying a password, and then be able to interact with your Mac as an administrator.
In an interview with MacWorld, Kvarnhammar describes this bug as having been present in OS X 10.8.5, but he was not able to replicate it in 10.9; however, Apple has shuffled around its code in OS X 10.10 so the bug again allows access.
In contacting Apple about the issue, Kvarnhammar did not get a response; however, Apple has agreed upon a date in January for full disclosure of the vulnerability’s details, suggesting Apple has indirectly acknowledged the issue and is developing a fix to be out by then.
In the mean time, this and other privilege-escalation vulnerabilities can be managed by taking two important security steps with your Mac:
Use a standard user account
The process for switching to a standard account for daily use is easy and painless:
- Open the Users & Groups system preferences and authenticate by clicking the lock.
- Create a new user account, and check the box to allow the user to administer the computer.
- Log out of your current account, and log into the new administrator account.
- Go back to the Users & Groups system preferences and again unlock them.
- Select your main user account and uncheck the option to allow the user to administer the computer.
When finished, you can log out and back into your main account, and be able to use it as if there is no difference. Now whenever you need to administer your system by installing programs or changing settings that require admin access, you will supply the username and password of your new admin account, instead of that for your current account. This is a trivial difference in function, but does allow your Mac to run with added security.
In addition to running as a standard user, consider enabling FileVault on your Mac. This is another recommendation by Kvarnhammar for preventing the “rootpipe” vulnerability from being used. In general, it is also a good idea, especially for portable systems, to have the entire contents of the drive encrypted. This will prevent a system from being rebooted in alternative modes to bypass the operating system’s security features and access data on the drive. Without the encryption password, the data on your Mac’s drive will be completely inaccessible.
FileVault can be enabled by authenticating in the Security & Privacy system preferences, and then clicking the “Turn On FileVault” feature in the FileVault tab. Follow the on-screen instructions for managing your encryption key and enabling specific user accounts for unlocking the drive, and after your drive encrypts (it may take a few hours) your Mac’s drive will be fully encrypted.