In order to exploit the flaw, an attacker must have previously been granted access (either physical or remote) to the machine. The “Rootpipe” flaw allows attackers to gain full access (commonly known as root access) to a system via a hidden backdoor through the system preferences. OS X Yosemite is Still Vulnerable to the “Rootpipe” Security Flaw Still-vulnerable apps include the mobile app, Citrix OpenVoice Audio Conferencing, and Movies by Flixter with Rotten Tomatoes. Although a fix was introduced in the new version, released three weeks ago, many iOS apps haven’t updated their code to patch the flaw. Many iOS apps use an open-source networking code called AFNetworking to establish secure connections to the server, and the previous version of code contained this security flaw. Many attackers will use a fake Wi-Fi hotspot that fails to check for security certificates to exploit the flaw. The “Man-in-the-Middle” works by allowing an attacker to intercept data (passwords, bank information, etc.) when connected to the same wireless network.
0 Comments
Leave a Reply. |