This Metasploit module exploits the rootpipe vulnerability and bypasses Apple's initial fix for the issue by injecting code into a process with the 'admin.writeconfig' entitlement.
675bfb209258c4d794420d872c3ae4a648abbf5cb0e2af4ea23e9559348211b2
This Metasploit module exploits a hidden backdoor API in Apple's Admin framework on Mac OS X to escalate privileges to root, dubbed Rootpipe. Tested on Yosemite 10.10.2 and should work on previous versions. The patch for this issue was not backported to older releases. Note: you must run this exploit as an admin user to escalate to root.
6e27a1e1f2bcf759b740ad9887024027c9c87f0045ced259f32d35e3a7522fe1
Mac OS X rootpipe local proof of concept privilege escalation exploit.
146b64bdac5816f848302abe5d0ad8a8ac00a1ef2eb064fcfcdd3a63453c2ee0