BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist

Get critical updates on the latest zeroday threats, including impact, mitigation and protection information - only from BeyondTrust.

Mac OS X ARDAgent Local Privilege Escalation

Disclosed June 18, 2008

Vulnerability Description:

ARDAgent in Apple Mac OS X 10.5 and 10.4 allows local users to gain privileges via an osascript tell command. This vulnerability is actively being exploited by attackers to install a trojan on a target system.

Vendors:

Apple

Vulnerable Software/Devices:

OS X 10.5
OS X 10.4
Potentially Earlier Versions

Vulnerability Severity:

High

Exploit Availability:

N/A

Exploit Impact:

Elevation of Privilege
Simple Elevation of Privileges: This vulnerability allows an attacker to very simply elevate the privileges of a process to root. This allows for the full subversion of a system, potentially resulting in a persistent trojan or other malicious binary being installed with system-level privileges.

BeyondTrust Prevention and Detection:

Mitigation:

Users are urged to open only AppleScripts or application bundles from known senders.
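
A detection-side complement to the mitigation above, added here as an example (not BeyondTrust's or Apple's code): it flags non-root `osascript` invocations whose inline script contains a `tell` addressed to ARDAgent. The record shape (`uid`, `cmdline`), the function names and the sample lines are constructed assumptions, and the script bodies are redacted.

```python
import re
import shlex

# An AppleScript "tell" addressed to ARDAgent, in either spelling:
#   tell application "ARDAgent" ...    tell app "ARDAgent" ...
TELL_ARDAGENT = re.compile(
    r'\btell\s+app(?:lication)?\s+"?ARDAgent(?:\.app)?"?', re.IGNORECASE)

def inline_script(argv):
    """Join all -e arguments; osascript treats multiple -e options as lines of one script."""
    return "\n".join(argv[i + 1] for i in range(1, len(argv) - 1) if argv[i] == "-e")

def is_suspicious(record):
    """record: {'uid': int, 'cmdline': str} from process-execution telemetry (assumed shape)."""
    cmdline = record["cmdline"]
    try:
        argv = shlex.split(cmdline)
        script = inline_script(argv)
    except ValueError:
        # Truncated or unbalanced quoting: fall back to matching the raw command line.
        argv, script = cmdline.split(), cmdline
    if not argv or argv[0].rsplit("/", 1)[-1] != "osascript":
        return False
    if record["uid"] == 0:
        return False  # already root, so no privilege is gained
    # Limitation: scripts read from a file or stdin never appear in the command line.
    return bool(TELL_ARDAGENT.search(script))

# Constructed sample records, not captured from a real system.
SAMPLE = [
    {"uid": 501, "cmdline": "/usr/bin/osascript -e 'tell application \"ARDAgent\" to <redacted>'"},
    {"uid": 501, "cmdline": "osascript -e 'tell app \"ardagent\"' -e '<redacted>' -e 'end tell'"},
    {"uid": 501, "cmdline": "/usr/bin/osascript -e 'tell application \"Finder\" to activate'"},
    {"uid": 0, "cmdline": "/usr/bin/osascript -e 'tell application \"ARDAgent\" to <redacted>'"},
    {"uid": 501, "cmdline": "/bin/echo tell application \"ARDAgent\""},
    {"uid": 501, "cmdline": "osascript -e 'tell application \"ARDAgent\" to"},
]

def scan(records):
    """Return the indexes of records that should be reviewed."""
    return [i for i, r in enumerate(records) if is_suspicious(r)]

if __name__ == "__main__":
    for i in scan(SAMPLE):
        print("review:", SAMPLE[i]["uid"], SAMPLE[i]["cmdline"])
```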

Links:

CVE(s):

None
