Rootpipe vulnerability remains on Mac OSX 10.10.3
Despite Apple claims of patching Rootpipe vulnerability, a researcher has shown it is still possible to exploit even on a machine running the latest software. Apple

Despite Apple claiming it had patched the Rootpipe vulnerability with a software update in early April, a security researcher has shown it is still possible to exploit even on a machine running the latest version of Mac OS X.

Revealed over six months ago, Rootpipe is a vulnerability in Apple's desktop operating system, Mac OS X, which could give an attacker root access to the system - though to fully exploit the flaw a hacker would have had to gained local access to the computer, likely though exploiting some other software first.

The vulnerability was discovered by Swedish security researcher Emil Kvarnhammar who reported the issue to Apple, and after initially being ignored, was asked by the technology giant to withhold publishing details about Rootpipe until the company was able to publish a patch for the software.

At the time, Kvarnhammar said his deal with Apple would see him reveal the details in mid-January when the tech giant would issue a patch, but that patch didn't come until April, a full six months after the Rootpipe vulnerability was first reported.

Apple announced that it had patched the vulnerability in its 10.10.3 software update, however this only fixed the problem for users running Mac OS X Yosemite with Apple saying that it would not be fixing the problem for those using Mac OS X 10.9.x or earlier, leaving a lot of people vulnerable.

However, it looks as if now, Apple has left all Mac OS X users vulnerable despite the flaw.

Security researcher Patrick Wardle from Synack published a blog detailing how he was able to exploit the vulnerability on his own fully-patch Mac OS X 10.10.3 system using a "novel yet trivial" method.

While Wardle has released details of the exploit, he has posted the following video showing the vulnerability in action:

Waddle has provided Apple with the technical details of the exploit but the world's most valuable company hasn't commented on the Rootpipe issue yet.