Mac OS X 'rootpipe' is not a backdoor

The news is full of stories like this Failed Apple Rootpipe Fix Leaves Backdoor On All Macs, Researchers Claim. Forbes (and many others) call it a "significant flaw", ZDNet calls it "serious". It was supposed to be fixed in the last patch cycle, but apparently it wasn't.

Yes, Apple deserves shame and humiliation, but seriously: for most of us, it's not a concern. First, if you don't run as an admin account as I've suggested at Patch fixes sudo escalation flaw, you aren't vulnerable.

More importantly, this isn't a "back door" through which someone can enter your Mac. This requires someone to login as a user first and then to have the combination to the safe tatooed on that user's forehead. The user needs to have admin privilege as noted above; without it this flaw doesn't help them.

It's unimportant to most of us. I might worry if I had employees, but sitting here behind two firewalls on a machine with only one admin account that I do not use, I do not.

Got something to add? Send me email.

(OLDER) <- More Stuff -> (NEWER)    (NEWEST)   

Printer Friendly Version

-> -> Mac OS X 'rootpipe' is not a backdoor

Increase ad revenue 50-250% with Ezoic

More Articles by

Find me on Google+

© Anthony Lawrence

Kerio Connect Mailserver

Kerio Samepage

Kerio Control Firewall

Have you tried Searching this site?

Support Rates

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.

Contact us