Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Click here to return to the 'Two ways to possibly close an ARDAgent security hole' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Two ways to possibly close an ARDAgent security hole
Authored by: mshmgi on Jun 23, '08 05:50:02AM
You have underestimated the impact of this problem.

This is the worst security hole I have ever seen in OS X. Imagine the following scenario ...

Hacker writes an application that you install on your computer. The application contains the following bit of code:

osascript -e 'tell app "ARDAgent" to do shell script "rm -Rf /"';

Your entire hard drive has just been erased.

This security hole allows the script author to do ANYTHING they darn-well please with your machine, including (but not limited to):

  • Installing key loggers
  • Generating spam
  • Using your machine as a proxy server for other illegal activities

[ Reply to This | # ]