A programmer's rants » epic fail http://blog.andremedeiros.info Random rants about code and life. Fri, 25 Sep 2009 10:40:45 +0000 en hourly 1 http://wordpress.org/?v=3.0.1 Mac OS X – Epic Fail http://blog.andremedeiros.info/2008/06/mac-os-x-epic-fail/ http://blog.andremedeiros.info/2008/06/mac-os-x-epic-fail/#comments Thu, 19 Jun 2008 12:16:04 +0000 changelog http://blog.andremedeiros.info/?p=6 While getting up to speed with Slashdot, I found an interesting article about a security breach on Mac OS X that allows user escalation through AppleScript.

Trying it on the terminal works, but, as they say, the user needs to have physical access to the machine. So, PatrĂ­cio suggested trying to access through SSH to see if it works, and it did.

Slashdot member gombah99 posted a tip on how to neutralize it non-destructively:

  1. cd /System/Library/CoreServices/RemoteManagement/
  2. sudo tar -czf ARDAgent.app.gz ARDAgent.app
  3. sudo chmod 600 ARDAgent.app.gz
  4. sudo rm -r ARDAgent.app

Here’s to you, Apple Un^H^HSecurity Team!

]]> http://blog.andremedeiros.info/2008/06/mac-os-x-epic-fail/feed/ 6