All Mac business users, listen up. Details of a vulnerability in Macs have just been released, and you won't like the risks it poses for your company.
Called "Rootpipe," this security flaw makes your business information, private customer data and anything else you keep in your systems accessible to those who want to exploit it — and they won't even need to know your login credentials to access it.
Discovered by Emil Kvarnhammar, a consultant at the Swedish IT security firm TrueSec, Rootpipe affects Macs running OS X Yosemite, Mavericks and Mountain Lion. Here's what we know about Rootpipe so far and how you can protect your systems. [10 Security Solutions for Small Business]
What is Rootpipe?
Rootpipe is a vulnerability that gives hackers root access to Mac computers without a password. This means that attackers can circumvent existing security measures and gain administrative-level privileges to your systems. If exploited, intruders can do such things as change system settings, delete files and steal sensitive data such as passwords, financial accounts and your business's and customers' private information.
The security flaw is nothing new, however. Kvarnhammar confirms in his findings that the vulnerability has been around since 2012, but may be "much older."
Is there a fix?
Kvarnhammar has reported the vulnerability to Apple. Though the company has yet to issue a public statement, a patch is expected in January 2015. In the meantime, Apple has asked Kvarnhammar to withhold details regarding the security flaw.
Details on the #rootpipe exploit will be presented, but not now. Let's just give Apple some time to roll out a patch to affected users.— Emil Kvarnhammar (@emilkvarnhammar) October 16, 2014
What you can do
To protect your Mac devices — and your business — security experts recommend the following:
- Don't use an admin account on your Mac by default. Instead, create a separate user account for daily use.
- Use Apple's FileVault, a security tool that keeps your data encrypted.
- Make sure your system is always protected by Apple's latest security updates.
- Be cautious of documents, links and other data you receive from untrusted sources.
Originally published on Business News Daily.