Critical Mac OS X Security Update | Technology Services Organization

WHAT'S HAPPENING?
Apple has released a security update which patches a critical vulnerability that allows local accounts to gain escalated privileges. The fix is found in update 10.10.3 and Security Update 2015-004 (for machines below OS X 10.10). Unfortunately, the vulnerability is present in OS X 10.7 (Lion), but Apple has not yet released a patch for Lion (nor have they stated whether a patch is forthcoming).

WHO IS AFFECTED?
Users of Mac OS X 10.7 and above.

WHAT DO YOU NEED TO DO?
TSO recommends the following actions:

Affected users should apply the latest Apple updates and security patches. OS X updates and security patches generally require a reboot upon completion. Users running OS X 10.7 or below should strongly consider upgrading to the latest version of OS X, where possible.

Additional details are available at
https://support.apple.com/en-us/HT204659

An in depth investigation of the vulnerability can be found here
https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-api-to-root-privileges-in-apple-os-x/

WHO SHOULD YOU CONTACT FOR QUESTIONS?
TSO Help Desk (CCB 148, 404.894.7065, helpdesk@cc.gatech.edu).

Technology Services Organization

College of Computing

Georgia Institute of Technology