Archive

Posts Tagged ‘ardagent’

Serious OSX Security Vulnerabilty

June 29, 2008 Leave a comment

This one broke around a week ago but I’ve only just had the chance to try it out. And an OSX security flaw is big news so no harm in spreading the cure. The advisory at Washingtonpost.com concerns the Apple Remote Desktop Agent which runs as root and accepts applescript commands. Typing the following into terminal, you can copy and paste and it works fine.

osascript -e ‘tell app “ARDAgent” to do shell script “whoami”‘;

On my 10.5.3 installation this returns ‘root’, so the vulnerability can be used to do anything on the mac. The following code will change the file access permissions of ARDagent

osascript -e ‘tell app “ARDAgent” to do shell script “chmod 0555 /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent”‘;

Again this can be copied and pasted into the terminal. Running the first commands again should now return your username rather than ‘root’.

Read the full article at the Washingtonpost.com

Advertisements