Ard

Yesterday, Slashdot reported a privilege escalation vulnerability in OSX. Using AppleScript you can tell the ARDAgent to execute arbitrary shell script. Since, ARDAgent is running as root, all child processes inherit root privleges. Intego points out that if the user has activated Apple Remote Desktop sharing the ARDAgent can’t be exploited in this fashion. So, the short term solution is to turn on ARD, which you can do without giving any accounts access privileges. TUAW has an illustrated guide to doing this in 10.4 and 10.5.

Hackaday

1 Articles

Neutering The Apple Remote Desktop Exploit

Search

Never miss a hack

If you missed it

MXM: Powerful, Misused, Hackable

VCF East 2024 Was Bigger And Better Than Ever

Microsoft Killed My Favorite Keyboard, And I’m Mad About It

Remembering Peter Higgs And The Gravity Of His Contributions To Physics

Chandra X-ray Observatory Threatened By Budget Cuts

Our Columns

Human-Interfacing Devices: HID Over I2C

Fail Of The Week: Can An Ultrasonic Cleaner Remove Bubbles From Resin?

Linux Fu: Stupid Systemd Tricks

Retrotechtacular: The Other Kind Of Fallout Show

Logic Analyzers: Decoding And Monitoring

Search

Never miss a hack

Subscribe

If you missed it

Our Columns