Hidden backdoor API to root privileges in Apple OS X

“The Admin framework in Apple OS X contains a hidden backdoor API to root privileges. It’s been there for several years (at least since 2011), I found it in October 2014 and it can be exploited to escalate privileges to root from any user account in the system.

[…]

Apple has now released OS X 10.10.3 where the issue is resolved.”