Patrick Wardle, a former National Security Agency staffer, said that Apple's latest OS X update did not completely patch the Rootpipe vulnerability, which has affected the operating system since 2011.
Wardle demonstrated how he was able to exploit the vulnerability in a video he posted on the Internet, in order to let Apple know about the issue and give the company time to fix it, according to 9to5Mac. In the video, Wardle appears to use code written in Python to gain read access to a root-owned file even though he was signed in only as a normal user without administrator rights.
In his blog, Wardle wrote, "In the spirit of responsible disclosure, at this time, I won't be providing the technical details of the attack, besides of course to Apple. However, I felt that in the meantime, OS X users should be aware of the risk."
OS X 10.10.3, Apple's latest update for its operating system, was released in early April. Apple claims that the new update fixes several reported security flaws, but it turns out that the company was unable to completely fix the Rootpipe problem. Security researcher Pedro Vilaça said that Apple did try to patch the problem but there were still "a tonne of ways to bypass it."
According to The Register, the Rootpipe vulnerability allows malicious software injected by hackers into a computer running OS X to gain administrator-level rights without permission from the user. Once these applications are installed, they can log keypresses as well as cause irreparable damage to the computer.