Older Apple OS X versions remain vulnerable to critical backdoor bug

Older versions of Apple's OS X contain a bug that allows any user to gain root access to the system. The bug has been patched in OS X 10.10.3, which was released several days ago. Apple has stated it won't fix the issue for older versions of the operating system.

According to security researcher Emil Kvarnhammer, who discovered the issue, the vulnerability has been part of OS X since 2011. It was patched only this week, and only for OS X Yosemite; users on older versions of OS X remain vulnerable. Kvarnhammer states that the vulnerability is a backdoor that allows any user and process to get root access on OS X systems.

According to Kvarnhammer, the OS contains a hidden API, originally designed for the settings applications. In practice, however, other processes could also gain root access through this vulnerability. Although the issue can't be exploited remotely, malware that is already on the system can use it to get root access and so increase its capabilities. Local users with limited rights can also get full access to the system.

The issue won't be fixed in older versions. According to Kvarnhammer, "Apple indicated that this issue required a substantial amount of changes on their side, and that they will not back port the fix to 10.9.x and older."

Although Apple makes it easy to update OS X and newer versions run fine on older hardware, there are still users who prefer older versions or have other reasons not to upgrade. These users are now all vulnerable and are advised to upgrade anyway.