Apple fixes major security flaw in OS X 10.10.3

“Apple users are being advised to upgrade to the latest OS X release, version 10.10.3, as soon as possible following the disclosure of a hidden API which allows back-door access to a system-level account.,” Gareth Halfacree reports for bit-tech.

“Security researcher Emil Kvarnhammar has proven that with the publication of a hitherto unknown back-door API in the operating system which allows any user to break free of a restricted account and gain system-level privileges,” Halfacree reports. “The flaw, Kvarnhammar claims, has been present in the system going back to at least 2011 and potentially earlier. Apple was alerted to the problem in October of last year, and worked on a patch which was included in OS X 10.10.2. Unfortunately this patch was unaffected, and it’s only with the release of OS X 10.10.3 this week that the hole has been properly secured.”

More info and links in the full article here.

MacDailyNews Take: Take the time to upgrade your Mac to the latest OS or security updates as soon as possible.


  1. There is a comment on the linked article’s page which states:

    “Accompanying security updates for 10.9 and 10.8 have also been released. However 10.7 is being left unpatched and so potentially insecure.”

    I am running 10.9.5 and do not see any updates using the “Software Update” function.

    A similar article over at ArsTechnica stated the fix was only for 10.10 and also stated the attacker must have physical access to the Mac.


      1. Here’s a few reasons: Because updates sometimes break older software. Because Yosemite is slower than Mavericks. Because WiFi wasn’t working when I did upgrade to Yosemite, so I reverted. Because none of the new features prior to a security update were worth my time updating. There are others, but legitimate reasons to exist.

    1. Sorry Tim, but the article is WRONG:

      NO-> Accompanying security updates for 10.9 and 10.8 have also been released

      I have no idea where he pulled that from, but he’s WRONG. It’s still uncertain, IMHO, whether Apple is going to patch 10.9 and 10.8. But Emil Kvarnhammar, who discovered the backdoor, believes Apple will NOT.

  2. Semi-rhetorically speaking:

    1. Which operating systems and their versions are flawed and which are not.

    2. Is a fix forthcoming ?

    3. What is the name of the API ?

    1. I elaborate on your questions below. But the quick answers:

      1) OS X 10.10.2 on down through 10.7.x are affected. 10.6 and earlier have NOT been tested.

      2) Emil Kvarnhammar, the security expert who discovered the backdoor, believes Apple will NOT be fixing earlier versions of OS X.

      3) No name for the specific API has been disclosed. We know the API is accessible via the XPC Services API, which is part of libSystem. It is within the Admin framework. It provides ‘basic interprocess communication integrated with Grand Central Dispatch (GCD) and launchd.’ (<-To quote Apple)

  3. I’ve been watching news about the ‘Rootpipe‘ security hole in OS X since late October. It’s not exactly easy to exploit. But it’s there.

    Emil Kvarnhammar originally intended to publish the ‘backdoor’ in January, 2015. He’s been a lot kinder than Google, letting Apple take its time sorting out the problem. Sadly, Apple has ONLY repaired the problem in OS X 10.10.3. Meanwhile, the backdoor remains open on 10.9.5, 10.8.5 and 10.7.5. Earlier versions of OS X have not been studied. It’s unclear whether Apple plans to do further patching.

    Emil Kvarnhammar believes Apple will NOT further patch the backdoor. Therefore, yesterday he has published several details about how he discovered and exploited the Rootpipe backdoor.

    Hidden backdoor API to root privileges in Apple OS X

    Emil will be be presenting full details about Rootpipe on May 28th at the Stockholm, Sweden Security Conference 2015.

    Because of the difficulty in exploiting this backdoor, I’m kinda/sorta not worried. There is no Rootpile exploit in-the-wild. But it sure would be nice if Apple made us all feel comfy by closing up the backdoor at least back to 10.8.5, that being three versions back of OS X, as per their usual protocol.

    So Apple? Yes? Please?!

    Was this backdoor for purposes other than enabling System Preferences and systemsetup processes? Rather than get all paranoid, I’d say it doesn’t matter much at this point. At this point we know full well that the NSA has been breaking Fourth Amendment to the US Constitution as far back as 1989, during the George HW Bush administration. 😛 We also know that Apple is serious about making OS X and iOS secure against illegal surveillance, or certainly they’re putting on a darned good show, enough to apparently and supremely tick-off a lot of illegal surveillance maniacs within #MyStupidGovernment. 🙄

  4. Apple has added few new features in Mac OS X and they are like more than 300 new Emoji characters added. It prevents Safari with safeguarding the website favicon URLs used in private browsing, improves stability and ensures security in Safari, improves WiFi performance and connectivity in various usage scenarios, improves compatibility with captive Wi-Fi network environments, fixes an issue that may cause Bluetooth devices to disconnect, improves screen sharing reliability and they fixed previously held bugs as well.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.