| ActiveMac | Anonymous | Create a User | Reviews | News | Forums | Advertise |
|
|
|
User Controls |
|
New User |
|
Login |
|
Edit/View My Profile |
|
|
|
|
|
|
|
ActiveMac |
|
Articles |
|
Forums |
|
Links |
|
News |
|
News Search |
|
Reviews |
|
|
|
|
|
|
|
News Centers |
|
Windows/Microsoft |
|
DVD |
|
ActiveHardware |
|
Xbox |
|
MaINTosh |
|
News Search |
|
|
|
|
|
|
|
ANet Chats |
|
The Lobby |
|
Special Events Room |
|
Developer's Lounge |
|
XBox Chat |
|
|
|
|
|
|
|
FAQ's |
|
Windows 98/98 SE |
|
Windows 2000 |
|
Windows Me |
|
Windows "Whistler" XP |
|
Windows CE |
|
Internet Explorer 6 |
|
Internet Explorer 5 |
|
Xbox |
|
DirectX |
|
DVD's |
|
|
|
|
|
|
|
TopTechTips |
|
Registry Tips |
|
Windows 95/98 |
|
Windows 2000 |
|
Internet Explorer 4 |
|
Internet Explorer 5 |
|
Windows NT Tips |
|
Program Tips |
|
Easter Eggs |
|
Hardware |
|
DVD |
|
|
|
|
|
|
|
Latest Reviews |
|
Applications |
|
Microsoft Windows XP Professional |
|
Norton SystemWorks 2002 |
|
|
|
Hardware |
|
Intel Personal Audio Player 3000 |
|
Microsoft Wireless IntelliMouse Explorer |
|
|
|
|
|
|
|
Site News/Info |
|
About This Site |
|
Affiliates |
|
ANet Forums |
|
Contact Us |
|
Default Home Page |
|
Link To Us |
|
Links |
|
Member Pages |
|
Site Search |
|
Awards |
|
|
|
|
|
|
|
Credits |
 |
Local root escalation vulnerability in Mac OS X 10.4 and 10.5 discovered | |
|
||
| Time: 08:41 EST/13:41 GMT | News Source: ZDNet | Posted By: Robert Stein | ||
|
Yesterday, an anonymous reader released details on a local root escalation vulnerability in Mac OS x 10.4 and 10.5, which works by running a local AppleScript that would set the user ID to root through ARDAgent’s default setuid root state. | ||
|
Write Comment
Return to News |
Displaying 1 through 25 of 314 Last | Next |
The time now is
6:28:00 AM
ET.
Any comment problems? E-mail us |
| #1 By 28801 (65.90.202.10) at 6/20/2008 8:55:20 AM |
| Is anybody really shocked by this? |
| #2 By 15406 (216.191.227.68) at 6/20/2008 9:56:51 AM |
| I'm shocked that the first post wasn't from parkkker. |
| #3 By 28801 (65.90.202.10) at 6/20/2008 10:02:57 AM |
|
I'm gonna need pliers to dig that hook out of your mouth!
|
| #4 By 15406 (216.191.227.68) at 6/20/2008 10:49:21 AM |
|
Huh?
<Nomad> Your facts are uncoordinated. </Nomad> |
| #5 By 52115 (66.181.69.210) at 6/20/2008 12:00:49 PM |
|
Maybe I'm missing something but yeah this is bad but it's a local escalation. It's not a remote escalation nor is it affecting something which would be running a server. Probably the only good use would be for a kiddie to get root on his daddy's Mac. Other than that, I really haven't seen too many kiosk's running mac; too expensive.
|
| #6 By 23275 (68.186.182.236) at 6/20/2008 12:13:33 PM |
|
#5, though the vulnerability can also be executed via a remote connection under specific circumstances
The ARDAgent is what is at fault. I'd be willing to bet a thick dime that there more ways ot exploit ARDAgent. |
| #7 By 28801 (65.90.202.10) at 6/20/2008 12:59:26 PM |
|
latch:
I baited the hook and you swallowed it, the you didn't realize you swallowed it - you have made 2 mistakes! Execute your prime function - sterilize. |
| #8 By 23275 (68.186.182.236) at 6/20/2008 2:03:18 PM |
|
Regretfully, http://www.securemac.com/applescript-tht-trojan-horse.php
AppleScript.THT Trojan Horse - SecureMac Security Advisory Discovery: June 19th, 2008 Updated: N/A Security Risk: Critical SecureMac has discovered multiple variants of a new Trojan horse in the wild that affects Mac OS X 10.4 and 10.5. The Trojan horse is currently being distributed from a hacker website, where discussion has taken place on distributing the Trojan horse through iChat and Limewire. |
| #9 By 23275 (68.186.182.236) at 6/20/2008 2:03:30 PM |
|
Apparently, it was discovered much earlier than reported, http://it.slashdot.org/firehose.pl?id=726861&op=view This post was edited by lketchum on Friday, June 20, 2008 at 14:04. |
| #10 By 15406 (216.191.227.68) at 6/20/2008 2:29:50 PM |
|
#7: I didn't see me taking any bait; just a simple reply on a topic I couldn't care less about. However, your Nomad comeback was... fascinating.
|
| #11 By 28801 (65.90.202.10) at 6/20/2008 5:23:42 PM |
|
#10: "But you haaave murdered! What is the penalty for murder?"
Oops! Sorry, wrong Kirk outsmarts machine episode. |
| #12 By 72426 (69.144.82.159) at 6/20/2008 10:49:25 PM |
|
#5 kiddie to get root on his daddy's Mac
Or anyone using it for business where they want to secure the workstation. Which would the other 99% of the market. (People use computers in businesses, not just for daddy to download music for his iTunes.) This type of vulnerbility makes OS X a horrible risk in any business environment where IT people SECURE the computers or any other non-monitored installation like a kiosk, etc etc... With attitudes like this, people wonder why 'Business' deploys Windows and Macs end up being the jokes of IT and security professions. |
| #13 By 143 (65.221.158.226) at 6/21/2008 5:34:27 PM |
| "I'm a Mac And I'm a Security Issue" |
|
Write Comment
Return to News |
Displaying 1 through 25 of 314 Last | Next |
The time now is
6:28:00 AM
ET.
Any comment problems? E-mail us |
