Temporary Fix for ARDAgent Root Privilege Escalation

From the keyboard of Paul on June 20th, 2008
Tagged with: , , ,
Filed under: Apple, Mac OS X, Security, Software, Technology.
Print This Post

If you’re worried about the security problem with Apples Remote Desktop Sharing that I posted about yesterday, but still want to use the service, then here’s a quick solution:

Open Terminal and type, all on one line, the following command:


sudo chmod u-s /System/Library/CoreServices/RemoteManagement/
ArdAgent.app/Contents/MacOS/ARDAgent

Now if you use,

osascript -e 'tell app "ARDAgent" to do shell script "whoami"'

you should get your own username back.

If You Found This Post Interesting, Then You Might Also Like:

« The Meaning of Life on Mars
The Alternative View »

1 Response to Temporary Fix for ARDAgent Root Privilege Escalation

  1. whatithink » Blog Archive » First Trojan Based on ARDAgent Root Exploit IRELAND WordPress 2.5.1
    June 23rd, 2008 at 15:31

    [...] Secure Mac are advising Mac users to use MacScan to protect themselves against the threat. Or you could just stop the ARDAgent service from running scripts as root. [...]

Leave a Reply

CAPTCHA image