Mac Security Flaw “Rootpipe” puts Your Company's Data at Risk

Mac Security Flaw

Last August Emil Kvarnhammar, a consultant at a Swedish IT Security Firm TrueSec, discovered a flaw in Mac devices running OS X Yosemite, Mavericks, and Mountain Lion. Kvarnhammar has named the security flaw “Rootpipe”. He says the security flaw affects companies’ business information, data stored on all company devices, and private customer data. Any hacker who wants to exploit this security flaw can access your system and bypass your login credentials.

The Rootpipe vulnerability will give hackers access to any Mac computer without knowing the person’s password. Therefore, any hacker can circumvent the existing security measures to gain administrator-level privileges. According to Kvarnhammar this security flaw has existed since 2011. However, he only discovered the flaw last year in October.

Furthermore, according to Ars Technica, a security analytics at Source DNA claims that another security flaw in Mac devices is leaving around 1500 iPhones and iPad apps vulnerable to hackers. Technica has estimated that this crippling bug will affect over two millions users that have installed the different vulnerable apps on their devices.

If you have installed Citrix Open Voice Audio Conferencing, Movies by Flixstar with Rotten Tomatoes, Alibaba.com mobile app, KYBankAgent 3.0 and Revo Restaurant Point of Sale on any of your devices you are vulnerable to attacks. The weakness found is these apps are a direct result of the AFNetworking or open-source library. For more information how this flaw can affect you, please read Risk Assessment/Security & Hacktivism.

Rootpipe Vulnerability In Their NEW OS X Version

In April, Apple has attempted to patch the Rootpipe vulnerability in their new OS X 10.10.3 version. Unfortunately, any older versions of the OS X are still left vulnerable. According to Patrick Wardle a former NSA agent, he claims the new patch still has flaws and devices continue to remain vulnerable to attack. In his report he says that any Mac running OS X 10.10.3 or older are still affected by the Rootpipe flaw.

Just recently Apple faced another security flaw they have called “FREAK”. This new security flaw affected everything from an iPod touch to an Apple TV. All Apple devices were vulnerable to the flaw and could have their sensitive information stolen by hackers. Fortunately, Apple quickly released a few security updates to repair this flaw.

Until the Rootpipe flaw is fixed you need to protect your Mac devices used in your business. Therefore, all companies should:

  1. Stop using the default admin account on all devices. Instead, everyone needs to create a separate user account.
  2. All devices need to install and use Apple’s FileVault to keep their data encrypted.
  3. Keep all your Mac devices update and protected with Apple’s latest security updates.

Image: pixabay.com

More about: apple, security, flaws, apps, os+x, rootpipe

Recommended Posts | IT News

Google Inc. On An Acquisition Spree

Google Inc. On An Acquisition Spree

The Mountain View internet giant was reported to have spent approximately $17 billion on acquisition of such firms in the last two years. This figure beats the amount top rivals including Apple and Microsoft spent on acquisition combined. Google's latest addition to its portfolio ...
Mobile Startup Movirtu

BlackBerry Acquires Mobile Startup Movirtu To Enterprise Mobility

BlackBerry Ltd. has acquired Movirtu Ltd., a UK-based mobile technology startup whose software allows users to have both a business number and personal number on the same mobile device. BlackBerry is buying Movirtu Ltd. to boost its smartphone management capabilities and better target business users ...
Google's Kubernetes

Google's Kubernetes to get a new Friend - Archrival Microsoft

An unlikely ally has come to join Google's Kubernetes container migration and management system and it's not just an ordinary company - it's big. Kubernetes, the open-source container-management project that Google announced in June, is gaining strong support from the tech crowd ...
Metacloud Acquisition

Cisco Systems Expands Cloud Business with Metacloud Acquisition

Cisco Systems acquire Metacloud, which specializes in private clouds based on the OpenStack-based cloud computing platform. Metacloud provides private cloud solutions to large organizations with a OpenStack-as-a-Service model, delivering ready-to-use private clouds in customer's own data centers ...