Mac OS X - Gain Root Privileges Through AppleScript

A serious security hole has been found in Mac OS X - both Leopard and Tiger are affected. The exploit allows someone with physical access to a Mac to run programs as the root user.

The exploit uses the Apple Remote Desktop application (ARDAgent) to execute a shell script, and that shell script runs as root. To test this, type the following command in Terminal:


osascript -e 'tell app "ARDAgent" to do shell script "whoami"'

This command works even if Remote Desktop Sharing is disabled and the root user is disabled in Directory Utility. However, it will only work if the user is logged into the computer. It will not work if Fast User Switching has been used.

As this is a brand new exploit, there is no fix as of yet.
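
While no fix exists, use of this technique can be spotted by watching for osascript invocations that tell ARDAgent to run a shell script. The Python sketch below is an added example, not part of the original post; it assumes you already collect process command lines as one string per record, and the sample lines are constructed for illustration.

```python
import re
import shlex

# AppleScript that addresses ARDAgent, then asks it to run a shell command.
# Accepts "tell app" / "tell application", any letter case, any whitespace.
TELL_ARD = re.compile(r'tell\s+app(?:lication)?\s+"ARDAgent"', re.IGNORECASE)
DO_SHELL = re.compile(r'do\s+shell\s+script', re.IGNORECASE)


def applescript_source(command_line):
    """Return the inline AppleScript given to osascript via -e, or None."""
    try:
        argv = shlex.split(command_line)
    except ValueError:  # unbalanced quotes: not a parsable command line
        return None
    if not argv or argv[0].rsplit("/", 1)[-1] != "osascript":
        return None
    # osascript builds one script from all -e arguments, one line each.
    parts, i = [], 1
    while i < len(argv) - 1:
        if argv[i] == "-e":
            parts.append(argv[i + 1])
            i += 2
        else:
            i += 1
    return "\n".join(parts)


def is_ardagent_shell(command_line):
    """True if the command asks ARDAgent to 'do shell script'."""
    src = applescript_source(command_line)
    if not src:
        return False
    tell = TELL_ARD.search(src)
    # The shell request must come after the tell that targets ARDAgent.
    return bool(tell and DO_SHELL.search(src, tell.end()))


def flag(lines):
    return [line for line in lines if is_ardagent_shell(line)]


SAMPLE_LOG = r"""
osascript -e 'tell app "ARDAgent" to do shell script "whoami"'
/usr/bin/osascript -e 'tell application "ardagent"' -e 'do shell script "whoami"' -e 'end tell'
osascript -e 'tell app "Finder" to do shell script "whoami"'
osascript -e 'tell app "ARDAgent" to quit'
grep -r ARDAgent /var/log
""".strip().splitlines()  # constructed sample command lines

if __name__ == "__main__":
    for hit in flag(SAMPLE_LOG):
        print("ALERT:", hit)
```

Only the first two sample lines are flagged; the check covers inline `-e` scripts only, so scripts run from a file need separate handling.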


One Trackback

  1. [...] Mac are reporting that they have found a trojan designed to take advantage of the ARDAgent root exploit that I posted about [...]
