Heads up people!
I'd like to point out that this security flaw is not officially confirmed, but the fact Apple has asked the security company to not publish the flaw until Jan 2015 makes it pretty likely to be true.
If this is true, it is a complete security failure. While panic is not advised, it most certainly should concern any and all 10.8, 10.9, and 10.10 users.
I advise reading: OS X Yosemite Flaw Leaves Macs Open to Hacker Takeover
The source above identifies two ways to help slow or mitigate such flaws:
- Do NOT log in under an administrative account unless you need it. Use a standard user account for browsing the web and reading e-mail.
  (this is wise under any operating system)
- Encrypt files (FileVault will work) so as not to give an attacker an easy time. This does not stop an attacker, but it does slow them down.
Note that just because one security group decided to keep it under wraps does NOT mean that others have not discovered this.
Here's hoping Apple moves quickly on something like this.
-
Personally, I think it's a good idea to only use a non-administrator account most of the time and encrypt your files, hack or no hack.
Another article on the issue: Serious security flaw in OS X Yosemite 'Rootpipe' | ZDNet
-
saturnotaku Notebook Nobel Laureate
In looking at a few other articles, there seems to be conflicting information as to whether or not this exploit affects Mavericks (10.9). I've got non-admin accounts set up anyway, but it would be nice to have clarification.
-
The first article confirms it works on 10.8, 10.9 and 10.10, so yes.
It takes slight modifications in the script, but works.
Heads Up! Apple OSX (Yosemite/Mavericks/MountainLion) flaw allows full (root) takeover
Discussion in 'Apple and Mac OS X' started by KernalPanic, Nov 5, 2014.