Alex headshot

AlBlue’s Blog

Macs, Modularity and More

Serious root escalation bug in Mac OS X 10.4/10.5

Security Mac 2008

I've just come across a nasty root escalation bug in Mac OS X 10.4/5 which allows root escalation (i.e. grants root privileges for those that shouldn't get it). To verify that your system is at risk, execute:

osascript -e 'tell app "ARDAgent" to do shell script "whoami"';

The secure way to fix this is to remove the ARDAgent from your system. The only problem is if you use Apple Remote Desktop; but then again, this is a far worse problem than having Apple Remote Desktop. To remove it, execute:

sudo rm -rf /System/Library/CoreServices/RemoteManagement/

If you don't have root privileges, then just get ARDAgent to do the removal for you :-)