A programmer’s rants

Mac OS X - Epic Fail

While getting up to speed with Slashdot, I found an interesting article about a security breach on Mac OS X that allows user escalation through AppleScript.

Trying it on the terminal works, but, as they say, the user needs to have physical access to the machine. So, Patrício suggested trying to access through SSH to see if it works, and it did.

Slashdot member gombah99 posted a tip on how to neutralize it non-destructively:

cd /System/Library/CoreServices/RemoteManagement/
sudo tar -czf ARDAgent.app.gz ARDAgent.app
sudo chmod 600 ARDAgent.app.gz
sudo rm -r ARDAgent.app

Here’s to you, Apple Un^H^HSecurity Team!

Tags: epic fail, mac os x, omgwtf, Security

This entry was posted on Thursday, June 19th, 2008 at 12:16 pm and is filed under Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

6 Responses to “Mac OS X - Epic Fail”

Anonymous Says:
June 19th, 2008 at 12:29 pm
zomgwtfbbq!

Anyways, sudo rm -rf / also solves it >:3
Mac OS X - Epic Fail Says:
June 20th, 2008 at 2:53 pm
[...] http://blog.andremedeiros.info/2008/06/mac-os-x-epic-fail/ [...]
Scott Swank Says:
June 20th, 2008 at 3:02 pm
You forgot /Content/ at the end of that path.
Web 2.0 Announcer Says:
June 20th, 2008 at 3:18 pm
Mac OS X root escalation through security flaw…

[...]Security breach that allows a regular user to escalate to root privileges using AppleScript. Works through SSH too.[...]…
Gerry Power Says:
June 22nd, 2008 at 7:27 pm
You created a tar file of the app, but you also need to remove the original app:
sudo rm -r ARDAgent.app

Otherwise, the application is still available, leaving the security hole.
changelog Says:
June 23rd, 2008 at 11:20 am
@Scott Swank: It still works, because it is compressed recursively.

@Gerry Power: Thanks. Updated

Mac OS X - Epic Fail

6 Responses to “Mac OS X - Epic Fail”

Leave a Reply