Rootpipe is a security vulnerability found in some versions of OS X that allows privilege escalation whereby a user with administrative rights, or a program executed by an administrative user, can obtain superuser (root) access. This is considered problematic as the first user account created under OS X is furnished with administrator rights by default. By leveraging other security vulnerabilities on a system, such as an unpatched web browser, rootpipe could be used by an attacker to help gain complete control of the operating system.

Emil Kvarnhammar of TrueSec, a security firm credited with the discovery, says that he found the vulnerability after several days of binary analysis. He recommends creating an account without administrative privileges to be used for normal everyday work and using FileVault.

An older exploit for the same issue was later published on exploit-db, suggesting the issue dates back to June 2010. It appears the exploit was used by the author during a presentation on Trusteer Rapport at 44con 2011.

The vulnerability was reported to Apple Inc. in October 2014, and has been reported as present in OS X versions 10.7.5, 10.8.2, 10.9.5 and 10.10.2. OS X 10.10.3 was officially designated as patched by Apple, but Kvarnhammar (crediting Patrick Wardle) has blogged that the vulnerability is still present in that version. On 1 July 2015, Kvarnhammar noted that additional restrictions had been introduced in OS X 10.10.4, adding in a comment two days later that he believed the then-current versions of OS X 10.9 (with Security Update 2015-005) and 10.10 to be safe from the exploit.

In November 2017, a similar vulnerability was revealed which allowed logging in as root with no password.