{"id":33463,"date":"2014-11-05T08:48:27","date_gmt":"2014-11-05T16:48:27","guid":{"rendered":"http:\/\/www.intego.com\/mac-security-blog\/?p=33463"},"modified":"2015-04-24T12:16:38","modified_gmt":"2015-04-24T19:16:38","slug":"rootpipe-hacker-mac","status":"publish","type":"post","link":"https:\/\/www.intego.com\/mac-security-blog\/rootpipe-hacker-mac\/","title":{"rendered":"Rootpipe Flaw in OS X Could Allow Hackers to Completely Take Over Your Mac"},"content":{"rendered":"

\"RootpipeFor day-to-day activities on your Mac\u2014such as browsing the web, writing documents or checking your emails\u2014are you using an account with Admin privileges?<\/p>\n

I hope not. Because if you are, you’re putting yourself and the data stored on your computer at greater risk.<\/p>\n

The risk is borne out by a newly discovered vulnerability in some versions of OS X (including the newly-released 10.10 Yosemite) that could allow a hacker to take complete control of your iMac or MacBook.<\/p>\n

Swedish security researcher, Emil Kvarnhammar, calls the as-yet-unpatched privilege escalation bug “Rootpipe,” and says that a malicious hacker could gain root access\u2014the highest level of access\u2014without having to know a password. And once an attacker has root access, all bets are off.<\/p>\n

“Normally there are ‘sudo’ password requirements, which work as a barrier, so the admin can’t gain root access without entering the correct password. However, rootpipe circumvents this,” Kvarnhammar was reported<\/a> as saying.<\/p>\n

A YouTube video\u2014with a decidedly funky beat\u2014shows the vulnerability in action:<\/p>\n