ARDAgent exploitable locally

A colleague pointed out to me that ARDAgent can be exploited locally to gain “root” privileges under MacOS 10.4 and 10.5. A quick search on Google turned up this post on Macworld that gives some details about this issue.

To check whether you’re vulnerable, type the following in a Terminal window:

osascript -e 'tell app "ARDAgent" to do shell script "whoami"';

If it says root, you are vulnerable. To quickly protect yourself, type the following, which removes the setuid bit from the ARDAgent binary:

sudo chmod u-s /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent
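
A read-only way to confirm the result of that chmod without sending the AppleScript command, as an added example that is not part of the original post: it inspects the setuid bit and owner of the binary. The function names are hypothetical; the path is the one given above.

```shell
#!/bin/sh
# Added example: audit the setuid bit that the post's "chmod u-s" removes.
# ARDAGENT is the path from the post; function names are illustrative.
ARDAGENT="/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent"

# suid_status PATH prints one of:
#   missing       file does not exist
#   setuid-root   setuid bit set and owner uid is 0 (runs as root when launched)
#   setuid-other  setuid bit set, owner is not root
#   clean         setuid bit not set (the state after chmod u-s)
suid_status() {
    target=$1
    if [ ! -e "$target" ]; then
        echo missing
        return 0
    fi
    if [ -u "$target" ]; then
        # Third field of "ls -ldn" is the numeric owner uid.
        owner_uid=$(ls -ldn "$target" | awk '{print $3}')
        if [ "$owner_uid" = "0" ]; then
            echo setuid-root
        else
            echo setuid-other
        fi
    else
        echo clean
    fi
}

# audit_ardagent [PATH] reports the state and returns non-zero only for
# setuid-root, so it can be re-run to confirm the mitigation is still in place.
audit_ardagent() {
    state=$(suid_status "${1:-$ARDAGENT}")
    echo "ARDAgent: $state"
    [ "$state" != "setuid-root" ]
}

audit_ardagent || echo "setuid root bit present: apply the chmod u-s shown above"
```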
