An unpatched vulnerability in Yosemite and some earlier versions of Apple's Mac OS X allows untrusted people to take full control of users' machines, a security researcher has warned.
Dubbed Rootpipe, the privilege escalation bug allows people to gain root access, a nearly unrestricted level of system privileges, without first entering the "sudo" password, according to a recent report published by MacWorld. Sudo is a mechanism that's designed to prevent code execution, file deletions, and other sensitive operations from being carried out by unauthorized people who have physical access to a computer.
"Normally there are 'sudo' password requirements, which work as a barrier, so the admin can't gain root access without entering the correct password," Emil Kvarnhammar, a researcher at Swedish security firm Truesec, told Macworld. "It took a few days of binary analysis to find the flaw, and I was pretty surprised when I found it."