“A relatively long-standing vulnerability in OS X has been uncovered by a Swedish hacker, Emil Kvarnhammar, who has dubbed it ‘rootpipe’ by the so-far undisclosed method in which it can be used to take control of your Mac,” Topher Kessler reports for MacIssues. “In this vulnerability, a flaw allows a hacker to gain administrative access of a system without supplying a password, and then be able to interact with your Mac as an administrator.”
“In contacting Apple about the issue, Kvarnhammar did not get a response; however, Apple has agreed upon a date in January for full disclosure of the vulnerability’s details, suggesting Apple has indirectly acknowledged the issue and is developing a fix to be out by then,” Kessler reports. “In the meantime, this and other privilege-escalation vulnerabilities can be managed by taking two important security steps with your Mac: Use a standard user account [and] use FileVault.”