OS X rootpipe privilege elevation

Added: 04/14/2015
CVE: CVE-2015-1130
BID: 73982
OSVDB: 120418

Background

OS X is an operating system for Mac computers.

Problem

The Admin framework in OS X contains a hidden backdoor API which allows local users to gain root privileges.

Resolution

Upgrade to OS X 10.10.3 or apply security update 2015-004.

References

https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-api-to-root-privileges-in-apple-os-x/

Limitations

Exploit works on OS X 10.10 and requires an existing unprivileged connection.

Platforms

Mac OS X

Back to exploit index