Torsten Curdt’s weblog

OSX root exploit

This exploit is so embarrassingly simple that is makes you wonder. (Or maybe you just don’t want to know?) For now it seems safer to not just turn off but also remove suid bit from the Apple Remote Desktop app.

sudo chmod u-s /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent

And you should be safe for now. Let’s hope Apple gets this fixed quickly. Shocking!

  • Maybe it's just on Leopard then.
  • That hangs when I try it (i386 Tiger). I can't get it to do anything at all, no matter what commands I put in the quotes.
blog comments powered by Disqus