Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mac OS X Root Escalation Through AppleScript

Posted by timothy on from the oh-snap-crispy-apples dept.

An anonymous reader writes "Half the Mac OS X boxes in the world (confirmed on Mac OS X 10.4 Tiger and 10.5 Leopard) can be rooted through AppleScript: osascript -e 'tell app "ARDAgent" to do shell script "whoami"'; Works for normal users and admins, provided the normal user wasn't switched to via fast user switching. Secure? I think not." On the other hand, since this exploit seems to require physical access to the machine to be rooted, you might have some other security concerns to deal with at that point, like keeping the intruder from raiding your fridge on his way out.

3 of 359 comments (clear)

  1. Re:ARDAgent is Apple Remote Desktop by MacDork · · Score: 1, Troll

    would you feel the same way if this article described a Windows exploit?

    Yes, of course. Do you think I enjoy having my inbox overflow with spam because of the Windows worm du jour?

    Also, who says Apple wasn't notified of this problem in advance? I'm not saying they were or weren't, but I don't have data either way.

    I did and you obviously don't have any information to dispute it.

    As a network admin, I'm a fan of full disclosure, which gives the ability to do something about the issue until a patch is released.

    Don't be so juvenile. There's a huge difference between being notified on a security mailing list and having the information plastered on the front page of slashdot. A real professional would know that.

  2. Re:ARDAgent is Apple Remote Desktop by MacDork · · Score: 0, Troll

    Black hats read security mailing lists. Keeping it off Slashdot only hinders innocent users from taking precautions against the defect.

    Taking precautions??? Innocent users are being directed to delete a significant part of their OS with outdated instructions by the helpful slashdot Mods... That is MUCH more harmful than a local root exploit which Apple will close in a few days.

  3. Re:ARDAgent is Apple Remote Desktop by MacDork · · Score: 0, Troll

    I'm still waiting for you to cite evidence supporting your position that they weren't informed.

    Where did you get that argument? The creationists? My assertion is falsifiable. Yours is not. Either Apple was informed in a timely manner beforehand or they were hit with this without warning. Unless you can produce information that they were informed, you lose. So I'll get right to proving the non-existence of a warning right after I get done proving the non-existence of a deity.

    I guess the blackhats taking advantage of new exploits don't read security mailing lists.
    • Small handful of blackhats on a mailing list without local access, or...
    • Every blackhat, disgruntled employee, and script kiddy in a Mac lab handed a one line self destruct script on Slashdot's front page.

    Shouting fire in a crowded theater anyone? The asshat editors at /. aren't just being irresponsible, their actions are bordering on criminal. I won't be surprised if they are brought up on charges when this information is misused.

    Ten years of network administration in a variety of environments, code contributions to multiple rather well-known open source projects, and service in the Navy's submarine force

    And yet, you still have the maturity level of a third grader. Shall I recap our "Apple didn't know" discussion for you? "Nuh uh. Uh huh! Nuh uh. Uh huh!!!" What's your next move? Hold your ears and shout "Nah nah nah nah nah nah nah!!!"