Apple "Rootpipe" vulnerability

A security vulnerability impacting recent versions of Apple Mac OS 10 enables an attacker to gain access to a computer, potentially with the ability to perform the same actions as a valid user of the computer. All a user needs to do is open a malicious file, for example sent as an email attachment, to allow the attacker to gain access.

Apple has patched this vulnerability in OS 10.10.3 (Yosemite) in the recent Security Update 2015-004. If you are running Mac OS 10.10 you should install this update on your Macintosh immediately.

Unfortunately, Apple has announced that they will not be patching their older Mac OS 10 version, including Mac OS 10.9 and earlier. If your computers supports Mac OS 10.10 we recommend upgrading to the latest version. Please contact your Desktop Support Services (DSS) staff, the Computer Help Desk (CHD) or your local department IT support for assistance with determining your options. A full backup of your Mac is always recommended before upgrading.

As always, we recommend avoiding clicking on links in emails, opening attachments from untrusted sources, and downloading files or applications from untrusted sources. If you are in doubt of the legitimacy of an email or link, contact the Computer Help Desk, helpdesk@uvic.ca, 250-721-7687 for assistance.

If more information becomes available, such as mitigation steps or future updates for Mac OS 10.9 and earlier, we will update this bulletin. For more information visit: http://msisac.cisecurity.org/advisories/2015/2015-039.cfm