OSX root exploit
This exploit is so embarrassingly simple that is makes you wonder. (Or maybe you just don’t want to know?) For now it seems safer to not just turn off but also remove suid bit from the Apple Remote Desktop app.
sudo chmod u-s /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent
And you should be safe for now. Let’s hope Apple gets this fixed quickly. Shocking!