updated 03:05 pm EDT, Thu June 19, 2008
Remote Mgmt. exploit
A new vulnerability connected to Mac OS X's Remote Management feature has been discovered, says the security firm Intego. The issue is specifically associated with ARDAgent, a component of the feature, which has the "setuid" bit set. Because a setuid executable runs with the privileges of its owner, here root, rather than those of the user who launched it, ARDAgent may potentially be used to gain access to base functions without a password.
In theory, an attacker would persuade a user to run malicious code, which would then take advantage of ARDAgent to run one or more AppleScripts. The damage from such scripts could be serious, Intego notes, ranging in impact from altering system settings to deleting all files on a hard drive.
The vulnerability affects both Mac OS X Tiger and Leopard, and any level of user account. It can allegedly be stopped, however, by simply enabling Remote Management in the Sharing pane of Leopard's System Preferences, or in Tiger's optional Apple Remote Desktop client. Activating or deactivating Screen Sharing has no effect on security.
For extra security, Intego recommends that VirusBarrier X5 owners download today's new virus definitions, which disable ARDAgent's capacity for running AppleScripts.