OSX root exploit

Torsten Curdt’s weblog

331 readers

by feedburner

636 followers

on twitter

addressbook amiga apache apachecon apple asm australia backup bash bcel berlin blog books c cocoa cocoaheads cocoon commons conferences continuations css debian debug dependencies drools eclipse email firefox flickr funny gadgets geo git gmail google gps html http iphone ipod java javaflow jci jdeb job joost linux mail maven melbourne minijar music network objectivec osx photography plugins review ruby safari software spam ssl surfing svn thunderbird travel ubuntu windows wordpress

This exploit is so embarrassingly simple that is makes you wonder. (Or maybe you just don’t want to know?) For now it seems safer to not just turn off but also remove suid bit from the Apple Remote Desktop app.

sudo chmod u-s /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent

And you should be safe for now. Let’s hope Apple gets this fixed quickly. Shocking!

20. June 2008 | apple, osx, security

tcurdt

Maybe it's just on Leopard then.
Vas the Man

That hangs when I try it (i386 Tiger). I can't get it to do anything at all, no matter what commands I put in the quotes.