A serious vulnerability, dubbed "rootpipe," has been found in OS X Yosemite that lets an admin user's privileges be escalated to root without a password.


A serious vulnerability dubbed "rootpipe" has been found in OS X Yosemite and is drawing attention. Details follow.


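This vulnerability was discovered by Swedish white-hat hacker Kvarnhammar, and it "allows an attacker to escalate a Mac's admin user privileges to root without needing a password." It has already been reported to Apple, and although the details cannot be discussed yet: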

Emil Kvarnhammar, a hacker at Swedish security firm Truesec, calls the vulnerability ‘rootpipe’ and has explained how he found it and how you can protect against it.

It’s a so-called privilege escalation vulnerability, which means that even without a password an attacker could gain the highest level of access on a machine, known as root access.

From there, the attacker has full control of the system.

[Swedish hacker finds ‘serious’ vulnerability in OS X Yosemite – Macworld]

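The demo video from the security summit shows the session moving to root privileges just by running "rootpipe." (Around the 14-second mark, after `$ ./rootpipe`, the prompt becomes `#`.)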

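Under an agreement with Apple, the details can apparently be disclosed in January 2015. He confirmed that the vulnerability works on OS X 10.8.5 Mountain Lion (it exists in OS X 10.8.5 as well); it did not work well on OS X 10.9 Mavericks, but he confirmed that it works on OS X 10.10 Yosemite with a few changes.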

He tested the vulnerability on version 10.8.5 of the OS and got it to work, he says. Then he tried on 10.9 but with no luck.

“I was a bit dejected but continued to investigate,” Kvarnhammar said. “There were a few small differences [in later releases] but the architecture was the same. With a few modifications I was able to use the vulnerability in the latest Mac OS X, version 10.10.”

[Swedish hacker finds ‘serious’ vulnerability in OS X Yosemite – Macworld]


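As countermeasures against "rootpipe," Kvarnhammar gives two: "create a user that does not have administrator (root) privileges and use that account only when necessary," and "use FileVault, Apple's data encryption feature."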


He says there are ways to protect against rootpipe and enhance the security of your Mac generally. Step one is to make sure you’re not running the system on a daily basis with an admin account – that is, one that has admin privileges.

That’s tricky since most Macs get set up with only one account on them, and that account has admin privileges. His tip is to create a new account and assign it admin privileges, and call it “admin” or something similar. Then log into the admin account and remove the admin permissions from the other account you’ll be using day in and day out.


He also recommends using Apple’s FileVault tool, which encrypts the hard drive.
The performance hit on the system is minimal, he says, and you probably won’t notice it at all.
[Swedish hacker finds ‘serious’ vulnerability in OS X Yosemite – Macworld] 
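The two mitigations quoted above can be checked from a terminal. The script below is an added example, not code from Macworld or Kvarnhammar: a read-only audit that flags a day-to-day account still in the `admin` group and a disk without FileVault. The function names and the sample account are hypothetical, and it assumes the output formats of the macOS commands `id -Gn` and `fdesetup status`.

```shell
#!/bin/sh
# Added example: read-only audit of the two mitigations (standard daily account, FileVault on).
# Function names are hypothetical; `id -Gn` and `fdesetup status` are the macOS commands assumed.

# True if a group list in `id -Gn` format contains the group "admin".
# Compared word by word so that groups such as "_lpadmin" do not match.
groups_include_admin() {
    for grp in $1; do
        if [ "$grp" = "admin" ]; then return 0; fi
    done
    return 1
}

# True if text in `fdesetup status` format reports FileVault as enabled.
filevault_is_on() {
    case "$1" in
        *"FileVault is On"*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit USER GROUP_LIST FDE_STATUS: prints one line per check, returns the number of failed checks.
audit() {
    failed=0
    if groups_include_admin "$2"; then
        echo "FAIL: $1 is in the admin group; do daily work from a standard account"
        failed=$((failed + 1))
    else
        echo "OK:   $1 is a standard (non-admin) account"
    fi
    if filevault_is_on "$3"; then
        echo "OK:   FileVault is on"
    else
        echo "FAIL: FileVault is not reported as on"
        failed=$((failed + 1))
    fi
    return "$failed"
}

# Constructed sample: a typical single-account Mac, admin user, FileVault off.
audit "alice" "staff everyone admin _lpadmin" "FileVault is Off." || true

# On a real Mac, audit the logged-in account with live command output.
if [ "$(uname -s)" = "Darwin" ]; then
    audit "$(id -un)" "$(id -Gn)" "$(fdesetup status 2>/dev/null)" || true
fi
```
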

Swedish hacker finds ‘serious’ vulnerability in OS X Yosemite – Macworld 
Serious security flaw in OS X Yosemite ‘Rootpipe’ – ZDNet

