On Fri, Apr 17, 2015 at 8:13 PM, Richard Pieri <richard.pi...@gmail.com> wrote:
> On 4/17/2015 9:26 AM, Edward Ned Harvey (blu) wrote:
>>
>> I'd like to alert people that OSX Mavericks has a root exploit that
>> will not be fixed. All Mac users must immediately update to Yosemite
>> in order to maintain any semblance of security.
>
>
> Cutting through the hyperbole....
>
> It's a local privilege escalation vulnerability nicknamed rootpipe. It can
> be mitigated by doing one thing: don't run as an administrator account.
> Standard user accounts cannot be used to exploit this vulnerability.

From the Ars Technica article linked from the original email:

"... The researcher continued to experiment with the flaw until he found a way to elevate privileges even from standard OS X accounts, which give users considerably less control. To Kvarnhammar's amazement, he was able to expand the attack by sending a what's known as a "nil" to the OS X mechanism that performs the elevation authorization. A nil is a zero-like value in the Objective C programming language that represents a non-existent object. ...."

Sounds like your info might be out of date.

Bill Bogstad