{"id":40240,"date":"2015-04-13T09:11:16","date_gmt":"2015-04-13T16:11:16","guid":{"rendered":"http:\/\/www.intego.com\/mac-security-blog\/?p=40240"},"modified":"2016-10-07T11:27:20","modified_gmt":"2016-10-07T18:27:20","slug":"rootpipe-backdoor-flaw-no-patch","status":"publish","type":"post","link":"https:\/\/www.intego.com\/mac-security-blog\/rootpipe-backdoor-flaw-no-patch\/","title":{"rendered":"Rootpipe Backdoor Flaw Not Going to be Patched on Older Versions of OS X"},"content":{"rendered":"

\"Rootpipe\"
\nThere’s bad news for Mac users who aren’t planning (or aren’t able) to update their copies of OS X to 10.10.3.<\/p>\n

You are at risk from a serious security bug, that could be exploited by malicious hackers to crowbar open a backdoor into your computer.<\/p>\n

And that means that criminals could take complete control of your iMac or MacBook, stealing information, planting malware, and spying on your activities.<\/p>\n

The security flaw is one that we have discussed on the Mac Security blog before: the so-called “Rootpipe”<\/a>\u00a0privilege escalation bug (CVE-2015-1130).<\/p>\n

The good news is that Apple patched the vulnerability in its code in last week’s OS X 10.10.3 update<\/a>.<\/p>\n

But there is bad news, too.<\/p>\n

According to a blog post<\/a> by Swedish security researcher Emil Kvarnhammar, who discovered and warned Apple about the Rootpipe flaw<\/a> last year, only OS X Yosemite seems to be getting the fix.<\/p>\n

Apple’s engineers in Cupertino, it appears, have decided that backporting the bug fix into older versions of OS X is too much like hard work.<\/p>\n

“Apple indicated that this issue required a substantial amount of changes on their side, and that they will not back port the fix to 10.9.x and older.”<\/p><\/blockquote>\n

The problem is, of course, that if Apple itself can’t fix its legacy code because it’s too tricky, there’s little chance that anyone else will. In short, earlier versions of OS X aren’t going to get fixed.<\/p>\n

Which means that if you are unable to upgrade the version of OS X on your computer, you have been left\u2014somewhat precariously\u2014in the lurch.<\/p>\n

Some reports claim that over 50% of Mac users are already using OS X Yosemite<\/a>, which is encouraging\u2014but that still means that approximately half of all Macs out there are running a vulnerable version of the operating system, which could potentially be exploited by hackers.<\/p>\n

\"EmilIn the opinion of security researcher Emil Kvarnhammar, there is only one good piece of advice that\u00a0can be offered to vulnerable Mac users:<\/p>\n

“Apple has now released OS X 10.10.3 where the issue is resolved. OS X 10.9.x and older remain vulnerable, since Apple decided not to patch these versions. We recommend that all users upgrade to 10.10.3.”<\/p><\/blockquote>\n

I would certainly agree with that. If there is any way that you can update your Macs to 10.10.3, do so now, because Kvarnhammar says that he will be fully disclosing all details of the Rootpipe vulnerability at the end of May at a Swedish security conference.<\/p>\n

In short, the clock is ticking for users of older versions of OS X, and it wouldn’t be at all surprising to see hackers attempt to exploit the flaw.<\/p>\n

Against that backdrop, it does seem reasonable to ask the following question: Should Apple have tried harder to protect users of older versions of OS X?<\/p>\n

Or is it acceptable for Apple to only support those who are using the latest-and-greatest version, and thumb their noses at those who can’t (or won’t) upgrade to Yosemite?<\/p>\n

What do you think? Leave a comment with your point of view below.<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"

Bad news. Older versions of OS X are not receiving a security patch that could prevent hackers from taking complete control of your MacBooks and iMacs.<\/p>\n","protected":false},"author":34,"featured_media":40249,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false},"categories":[5],"tags":[2140,2137,168,1624,144],"yoast_head":"\n\n\n\n\n\n\n\n\n\n\n\n\n\t\n\t\n\n\n\t\n\t\n\t\n