Archive

Archive for June 29, 2008

Serious OSX Security Vulnerabilty

June 29, 2008 Leave a comment

This one broke around a week ago but I’ve only just had the chance to try it out. And an OSX security flaw is big news so no harm in spreading the cure. The advisory at Washingtonpost.com concerns the Apple Remote Desktop Agent which runs as root and accepts applescript commands. Typing the following into terminal, you can copy and paste and it works fine.

osascript -e ‘tell app “ARDAgent” to do shell script “whoami”‘;

On my 10.5.3 installation this returns ‘root’, so the vulnerability can be used to do anything on the mac. The following code will change the file access permissions of ARDagent

osascript -e ‘tell app “ARDAgent” to do shell script “chmod 0555 /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent”‘;

Again this can be copied and pasted into the terminal. Running the first commands again should now return your username rather than ‘root’.

Read the full article at the Washingtonpost.com

Macpro overclocking tool

June 29, 2008 Leave a comment

ZDNet.de has released a tool for overclocking the Macpro. It’s not a perfect solution and raises some interesting points about how the Mac keeps time, so read the notes before using, especially on a first generation Intel Macpro.

The more interesting point is that this has been released at all. The PC overclocking field is well established but until now there has been little of interest for overclocking Apple Macs. It’s different in the hackintosh realm, where overclocking the Intel Core 2 Duo/Quad is well documented and common. My own hackintosh has been running an overclocked Core 2 Quad 6600 at 3Ghz (up from the stock 2.4Ghz) for several months. This is set from the Bios and doesn’t appear to have any effect on OSx’s timekeeping ability.

Read the article and download the overclocking tool at ZDNet.de