Apple’s latest update to Yosemite, 10.10.3, supposedly closed off Rootpipe, an exploit that — as the name implies — opens up root access to users and programs that shouldn’t have it.
However Patrick Wardle, a former NSA employee who now heads up the the security firm Synack, found out it wasn’t the case. He discovered he was still able to use Rootpipe. It is “a novel, yet trivial way for any local user to re-abuse Rootpipe”, he wrote in his blog. Wardle passed along information about the hack to Apple.
The company’s security policies as a whole are also being criticized by security experts; Apple was made aware of Rootpipe in October 2014 and originally planned on releasing a patch in January 2015 but didn’t implement and distribute a fix until April 8. Machines that are running versions of OS X older than Yosemite were never patched.