ARDAgent in Apple Mac OS X 10.5 and 10.4 allows local users to gain privileges via an osascript tell command. This vulnerability is actively being exploited by attackers to install a trojan on a target system.
OS X 10.5
OS X 10.4
Potentially Earlier Versions
Elevation of Privilege
Simple Elevation of Privileges This vulnerability allows an attacker to very simply elevate the privileges of a process to root. This allows for the full subversion of a system, potentially resulting in a persistant trojan or other malicious binary to be installed with system-level privileges.
BeyondTrust Prevention and Detection:
- BeyondTrust's Retina® Network Security Scanner scans devices to detect for this vulnerability.
Users are urged to only open known-sender AppleScript's or application bundles.
- First Public Disclosure
- SecureMac: AppleScript.THT Trojan Horse Advisory
- MacShadows: ARDAgent Exploit Wiki