{"id":169,"date":"2008-06-19T18:20:14","date_gmt":"2008-06-19T17:20:14","guid":{"rendered":"http:\/\/blog.intego.com\/?p=169"},"modified":"2019-06-26T17:57:56","modified_gmt":"2019-06-27T00:57:56","slug":"new-critical-threat-to-mac-os-x","status":"publish","type":"post","link":"https:\/\/www.intego.com\/mac-security-blog\/new-critical-threat-to-mac-os-x\/","title":{"rendered":"Apple Remote Desktop vulnerability allows malicious programs to execute code as root"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/www.intego.com\/mac-security-blog\/images\/ardicon.jpg\" alt=\"\" \/><\/p>\n<p>A vulnerability has been discovered that allows malicious programs to execute code as root when run locally, or via a remote connection, on computers running Mac OS X 10.4 and 10.5. This vulnerability takes advantage of the fact that ARDAgent, a part of the Remote Management component of Mac OS X 10.4 and 10.5, has a setuid bit set. Any user running such an executable gains the privileges of the user who owns that executable. In this case, ARDAgent is owned by root, so running code via the ARDAgent executable runs this code as root, without requiring a password. The exploit in question depends on ARDAgent\u2019s ability to run AppleScripts, which may, in turn, include shell script commands.<\/p>\n<p>Read the rest of Intego&#8217;s Security Alert <a href=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2008\/06\/Intego-Security-Memo-20080619.pdf\">here<\/a> (PDF).<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A vulnerability has been discovered that allows malicious programs to execute code as root when run locally, or via a remote connection, on computers running Mac OS X 10.4 and 10.5. This vulnerability takes advantage of the fact that ARDAgent, a part of the Remote Management component of Mac OS X 10.4 and 10.5, has [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":63247,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7,13],"tags":[349],"class_list":["post-169","post","type-post","status-publish","format-standard","has-post-thumbnail","category-apple","category-security-privacy","tag-apple-remote-desktop"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Apple Remote Desktop vulnerability allows malicious programs to execute code as root - The Mac Security Blog<\/title>\n<meta name=\"description\" content=\"A vulnerability has been discovered that allows malicious programs to execute code as root when run locally, or via a remote connection, on computers\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.intego.com\/mac-security-blog\/new-critical-threat-to-mac-os-x\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Apple Remote Desktop vulnerability allows malicious programs to execute code as root - The Mac Security Blog\" \/>\n<meta property=\"og:description\" content=\"A vulnerability has been discovered that allows malicious programs to execute code as root when run locally, or via a remote connection, on computers\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.intego.com\/mac-security-blog\/new-critical-threat-to-mac-os-x\/\" \/>\n<meta property=\"og:site_name\" content=\"The Mac Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2008-06-19T17:20:14+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-06-27T00:57:56+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/02\/apple-remote-desktop-app-icon-ARD.png\" \/>\n\t<meta property=\"og:image:width\" content=\"894\" \/>\n\t<meta property=\"og:image:height\" content=\"894\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Peter James\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Peter James\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/new-critical-threat-to-mac-os-x\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/new-critical-threat-to-mac-os-x\\\/\"},\"author\":{\"name\":\"Peter James\",\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/#\\\/schema\\\/person\\\/d0c16bd0a4dd8f82d91204f400c8d116\"},\"headline\":\"Apple Remote Desktop vulnerability allows malicious programs to execute code as root\",\"datePublished\":\"2008-06-19T17:20:14+00:00\",\"dateModified\":\"2019-06-27T00:57:56+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/new-critical-threat-to-mac-os-x\\\/\"},\"wordCount\":137,\"publisher\":{\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/new-critical-threat-to-mac-os-x\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/wp-content\\\/uploads\\\/2017\\\/02\\\/apple-remote-desktop-app-icon-ARD.png\",\"keywords\":[\"Apple Remote Desktop\"],\"articleSection\":[\"Apple\",\"Security &amp; Privacy\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/new-critical-threat-to-mac-os-x\\\/\",\"url\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/new-critical-threat-to-mac-os-x\\\/\",\"name\":\"Apple Remote Desktop vulnerability allows malicious programs to execute code as root - The Mac Security Blog\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/new-critical-threat-to-mac-os-x\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/new-critical-threat-to-mac-os-x\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/wp-content\\\/uploads\\\/2017\\\/02\\\/apple-remote-desktop-app-icon-ARD.png\",\"datePublished\":\"2008-06-19T17:20:14+00:00\",\"dateModified\":\"2019-06-27T00:57:56+00:00\",\"description\":\"A vulnerability has been discovered that allows malicious programs to execute code as root when run locally, or via a remote connection, on computers\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/new-critical-threat-to-mac-os-x\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/new-critical-threat-to-mac-os-x\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/new-critical-threat-to-mac-os-x\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/wp-content\\\/uploads\\\/2017\\\/02\\\/apple-remote-desktop-app-icon-ARD.png\",\"contentUrl\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/wp-content\\\/uploads\\\/2017\\\/02\\\/apple-remote-desktop-app-icon-ARD.png\",\"width\":894,\"height\":894},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/new-critical-threat-to-mac-os-x\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Apple Remote Desktop vulnerability allows malicious programs to execute code as root\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/#website\",\"url\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/\",\"name\":\"The Mac Security Blog\",\"description\":\"Keep Macs safe from the dangers of the Internet\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/#organization\",\"name\":\"Intego\",\"url\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/wp-content\\\/uploads\\\/2022\\\/10\\\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"contentUrl\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/wp-content\\\/uploads\\\/2022\\\/10\\\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"width\":875,\"height\":875,\"caption\":\"Intego\"},\"image\":{\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/#\\\/schema\\\/person\\\/d0c16bd0a4dd8f82d91204f400c8d116\",\"name\":\"Peter James\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/02040a1b56c0554236733a69e59ffeacde3aff8b1d8fb9818a2b71ebbc0e2484?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/02040a1b56c0554236733a69e59ffeacde3aff8b1d8fb9818a2b71ebbc0e2484?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/02040a1b56c0554236733a69e59ffeacde3aff8b1d8fb9818a2b71ebbc0e2484?s=96&d=mm&r=g\",\"caption\":\"Peter James\"},\"url\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/author\\\/peter\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Apple Remote Desktop vulnerability allows malicious programs to execute code as root - The Mac Security Blog","description":"A vulnerability has been discovered that allows malicious programs to execute code as root when run locally, or via a remote connection, on computers","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.intego.com\/mac-security-blog\/new-critical-threat-to-mac-os-x\/","og_locale":"en_US","og_type":"article","og_title":"Apple Remote Desktop vulnerability allows malicious programs to execute code as root - The Mac Security Blog","og_description":"A vulnerability has been discovered that allows malicious programs to execute code as root when run locally, or via a remote connection, on computers","og_url":"https:\/\/www.intego.com\/mac-security-blog\/new-critical-threat-to-mac-os-x\/","og_site_name":"The Mac Security Blog","article_published_time":"2008-06-19T17:20:14+00:00","article_modified_time":"2019-06-27T00:57:56+00:00","og_image":[{"width":894,"height":894,"url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/02\/apple-remote-desktop-app-icon-ARD.png","type":"image\/png"}],"author":"Peter James","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Peter James","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.intego.com\/mac-security-blog\/new-critical-threat-to-mac-os-x\/#article","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/new-critical-threat-to-mac-os-x\/"},"author":{"name":"Peter James","@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/d0c16bd0a4dd8f82d91204f400c8d116"},"headline":"Apple Remote Desktop vulnerability allows malicious programs to execute code as root","datePublished":"2008-06-19T17:20:14+00:00","dateModified":"2019-06-27T00:57:56+00:00","mainEntityOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/new-critical-threat-to-mac-os-x\/"},"wordCount":137,"publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/new-critical-threat-to-mac-os-x\/#primaryimage"},"thumbnailUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/02\/apple-remote-desktop-app-icon-ARD.png","keywords":["Apple Remote Desktop"],"articleSection":["Apple","Security &amp; Privacy"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.intego.com\/mac-security-blog\/new-critical-threat-to-mac-os-x\/","url":"https:\/\/www.intego.com\/mac-security-blog\/new-critical-threat-to-mac-os-x\/","name":"Apple Remote Desktop vulnerability allows malicious programs to execute code as root - The Mac Security Blog","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/new-critical-threat-to-mac-os-x\/#primaryimage"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/new-critical-threat-to-mac-os-x\/#primaryimage"},"thumbnailUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/02\/apple-remote-desktop-app-icon-ARD.png","datePublished":"2008-06-19T17:20:14+00:00","dateModified":"2019-06-27T00:57:56+00:00","description":"A vulnerability has been discovered that allows malicious programs to execute code as root when run locally, or via a remote connection, on computers","breadcrumb":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/new-critical-threat-to-mac-os-x\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.intego.com\/mac-security-blog\/new-critical-threat-to-mac-os-x\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.intego.com\/mac-security-blog\/new-critical-threat-to-mac-os-x\/#primaryimage","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/02\/apple-remote-desktop-app-icon-ARD.png","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/02\/apple-remote-desktop-app-icon-ARD.png","width":894,"height":894},{"@type":"BreadcrumbList","@id":"https:\/\/www.intego.com\/mac-security-blog\/new-critical-threat-to-mac-os-x\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.intego.com\/mac-security-blog\/"},{"@type":"ListItem","position":2,"name":"Apple Remote Desktop vulnerability allows malicious programs to execute code as root"}]},{"@type":"WebSite","@id":"https:\/\/www.intego.com\/mac-security-blog\/#website","url":"https:\/\/www.intego.com\/mac-security-blog\/","name":"The Mac Security Blog","description":"Keep Macs safe from the dangers of the Internet","publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization","name":"Intego","url":"https:\/\/www.intego.com\/mac-security-blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","width":875,"height":875,"caption":"Intego"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/d0c16bd0a4dd8f82d91204f400c8d116","name":"Peter James","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/02040a1b56c0554236733a69e59ffeacde3aff8b1d8fb9818a2b71ebbc0e2484?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/02040a1b56c0554236733a69e59ffeacde3aff8b1d8fb9818a2b71ebbc0e2484?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/02040a1b56c0554236733a69e59ffeacde3aff8b1d8fb9818a2b71ebbc0e2484?s=96&d=mm&r=g","caption":"Peter James"},"url":"https:\/\/www.intego.com\/mac-security-blog\/author\/peter\/"}]}},"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/www.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/169","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/comments?post=169"}],"version-history":[{"count":2,"href":"https:\/\/www.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/169\/revisions"}],"predecessor-version":[{"id":88507,"href":"https:\/\/www.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/169\/revisions\/88507"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media\/63247"}],"wp:attachment":[{"href":"https:\/\/www.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media?parent=169"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/categories?post=169"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/tags?post=169"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}