在「Hidden backdoor API to root privileges in Apple OS X」這邊揭露了這個漏洞 (接近於後門的設計)。
10.10.3 修正了這個問題,但沒打算修 10.7.x 到 10.9.x 的版本:
Apple has now released OS X 10.10.3 where the issue is resolved. OS X 10.9.x and older remain vulnerable, since Apple decided not to patch these versions. We recommend that all users upgrade to 10.10.3.
從 2014 年十月發現回報,2015 年一月蘋果建立 CVE-2015-1130,到 2015 年四月才正式修復 10.10.x 的部份:「About the security content of OS X Yosemite v10.10.3 and Security Update 2015-004」。
靠靠,我不想升到 10.10 啊...