Posts Tagged ‘Apple Remote Desktop’

[MacOS] Trojan horse uses MacOS X ARD vulnerability

Last week we reported about the vulnerability of the Apple Remote Desktop (read here). Now Brian Krebs of the Washington Post (read here) found out that readymade scripts are available yet on the net. The scripts are compiled into an exploit tool called “Applescript Trojan Horse Template”. The scripts allow any user to run programs […]

[MacOS] Root Exploit in Apple Remote Desktop (ARD)

Update 26.06.2008: read latest news about this exploit here… Abstract Intego reports (read details here) a “bug” in Apple’s Remote Desktop (ARD) application. In short: the ARD Agent runs AppleScripts always with root privileges. Now, when you put shell-commands into that AppleScript they are executed as “root”. ARD doesn’t require any admin/root password to do […]