Still waiting for the details to be released on what #rootpipe   exploits but it is a privilege escalation bypass…

Originally shared by Martin Gustafsson

Still waiting for the details to be released on what   exploits but it is a privilege escalation bypass of some sort.

If this privilege escalation bypass is combined with a zero day remote execute exploit of Safari (or other major browser on the platform) in combination with a hacked major website we could see something VERY bad happening.

All MacOS X users (10.8 and up), create a separate administrative account and remove your daily usage account(s) from the admin group!

For some reason this only seems to be headlining the news on tech sites here in Sweden so this needs to be spread around! FYI for anyone claiming the realiability of the source, TrueSec is a highly respected and comptent swedish company.

If this involves sudo, other n*x-flavours could be affected as wellö

https://www.youtube.com/watch?v=fCQg2I_pFDk

Leave a Reply