Root Pipe : Privileges Escallation and Backdoor Api Root in OSX.

Root Pipe : Privileges Escallation and Backdoor Api Root in OSX.

Root Pipe – This is a Proof-of-Concept Mac Application that demonstrates the RootPipe Privilege Escalation Vulnerability (CVE-2015-1130). this tool to create Hidden backdoor API to root privileges in Apple OS X.

Example Demo

Example Demo

Usage RootPipe demo :
To use, simply give a path to a file that you want to have escalated permissions, then provide the path where you want the file to be copied to with the escalated permissions, then provide your permissions in octal format (i.e. 04777), and (optionally) provide the file owner name and group

Exploit List:
+ Oct 2nd 2014: First discovery
+ Oct 3rd 2014: First contact with Apple Product Security Team
+ Oct 14th 2014: Exploit code shared with Apple
+ Oct 24th 2014: Initial full disclosure date set to Jan 12th 2015
+ Oct 16th 2014: Release of OS X 10.10 Yosemite, vulnerable to rootpipe
+ Nov 14th 2014: Apple requested to postpone disclosure
+ Nov 17th 2014: Release of OS X 10.10.1, also vulnerable
+ Jan 12th 2015: Joint decision between Apple and TrueSec to postpone disclosure due to the amount of changes required in OS X
+ Jan 16th 2015: CVE-2015-1130 created by Apple
+ Jan 27th 2015: Release of OS X 10.10.2, also vulnerable
+ March 2nd 2015: Release of OS X 10.10.3 public beta, issue solved
+ April 1st 2015: Apple confirmed that release is coming the second week of April
+ April 8th 2015: Release of OS X 10.10.3
+ April 9th 2015: Full disclosure

OS Support : Mac OS X 10.9 – Mac OS X 10.10.2
RootPipe Code :

For Full Disclosure : https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-api-to-root-privileges-in-apple-os-x/

Download :
Rootpipe : Master.zip  | Clone Url
Rootpipe Demo : Master.zip  | CLone Url
Source : https://github.com/hiburn8 and https://github.com/Shmoopi