Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mac OS X Root Escalation Through AppleScript

Posted by timothy on from the oh-snap-crispy-apples dept.

An anonymous reader writes "Half the Mac OS X boxes in the world (confirmed on Mac OS X 10.4 Tiger and 10.5 Leopard) can be rooted through AppleScript: osascript -e 'tell app "ARDAgent" to do shell script "whoami"'; Works for normal users and admins, provided the normal user wasn't switched to via fast user switching. Secure? I think not." On the other hand, since this exploit seems to require physical access to the machine to be rooted, you might have some other security concerns to deal with at that point, like keeping the intruder from raiding your fridge on his way out.

1 of 359 comments (clear)

  1. Root via OS X install DVD by Aqua+OS+X · · Score: 0, Redundant

    Well, if you have physical access to an OS X box, and you have an OS X install DVD, you can always reset the root password and hop right into the machine.

    I guess this exploit saves the perpetrator $129, but the real lesson should be, physical access = vulnerable computer.

    --
    "Things are more moderner than before- bigger, and yet smaller- it's computers-- San Dimas High School football RULES!"