Posted by: David Harley | April 10, 2015

That OS X Backdoor…

According to Emil Kvarnhammar, a hidden backdoor API in the OS X Admin Framework has been present since 2011 if not earlier, and ‘can be exploited to escalate privileges to root from any user account in the system.’ ArsTechnica says that ‘To fully exploit the bug, attackers would need physical access to the targeted Mac’, but cites an example of how, as Kvarnhammar says, it could be ‘combined with remote code execution exploits.’

According to The Register ‘The flaw (CVE-2015-1130) is fixed in Apple’s patch run this week‘ but Apple apparently told Kvarnhammar that because of the volume of changes required, it would not be back-porting the fix to versions 10.9.x and earlier, leaving users of versions older than (patched) Yosemite 10.10 vulnerable to potential exploits.

David Harley
Small Blue-Green World

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.


%d bloggers like this: