An unpatched vulnerability in Yosemite and some earlier versions of Apple's Mac OS X allows untrusted people to take full control of users' machines, a security researcher has warned.

Dubbed Rootpipe, the privilege escalation bug allows people to gain root access, a nearly unrestricted level of system privileges, without first entering the "sudo" password, according to a recent report published by Macworld. Sudo is a mechanism that's designed to prevent code execution, file deletions, and other sensitive operations from being carried out by unauthorized people who have physical access to a computer.

"Normally there are 'sudo' password requirements, which work as a barrier, so the admin can't gain root access without entering the correct password," Emil Kvarnhammar, a researcher at Swedish security firm Truesec, told Macworld. "It took a few days of binary analysis to find the flaw, and I was pretty surprised when I found it."

According to the article, the vulnerability is present in version 10.10, aka Yosemite, as well as version 10.8.5. It's unclear if other versions are also susceptible to the attack. To prevent widespread exploitation of Rootpipe, Kvarnhammar isn't disclosing technical details for the time being. A video demonstration is below:

Based on the extremely limited information available, there's no indication that Rootpipe can be exploited remotely. If true, that means the vulnerability is useful only to people with physical access to a Mac. That drastically lowers the severity of the bug, but it nonetheless remains serious enough that it ought to be fixed. Users who want an immediate workaround should perform daily computing tasks using an account with "standard" rights instead of one with "Admin" privileges.