Mac OS X Root Escalation Through AppleScript

An anonymous reader writes "Half the Mac OS X boxes in the world (confirmed on Mac OS X 10.4 Tiger and 10.5 Leopard) can be rooted through AppleScript: osascript -e 'tell app "ARDAgent" to do shell script "whoami"'; Works for normal users and admins, provided the normal user wasn't switched to via fast user switching. Secure? I think not." On the other hand, since this exploit seems to require physical access to the machine to be rooted, you might have some other security concerns to deal with at that point, like keeping the intruder from raiding your fridge on his way out.

Re:ARDAgent is Apple Remote Desktop

[MacDork]

would you feel the same way if this article described a Windows exploit?

Yes, of course. Do you think I enjoy having my inbox overflow with spam because of the Windows worm du jour?

Also, who says Apple wasn't notified of this problem in advance? I'm not saying they were or weren't, but I don't have data either way.

I did and you obviously don't have any information to dispute it.

As a network admin, I'm a fan of full disclosure, which gives the ability to do something about the issue until a patch is released.

Don't be so juvenile. There's a huge difference between being notified on a security mailing list and having the information plastered on the front page of slashdot. A real professional would know that.