Technology Update

June 20, 2008

Apple security exploit

An exploit has recently been brought to light in Mac OS 10.4 (Tiger) and 10.5 (Leopard) that allows a locally logged-in user to execute arbitrary shell commands as root. Because the user executing the exploit must be logged in to the Aqua interface, it does not by itself place the machine in danger of remote attacks. If the exploit is buried in downloaded code, however, it could open the machine to other attacks from the outside.

The exploit affects the Apple Remote Desktop agent, but the machine is only vulnerable when Remote Desktop is not enabled. To protect your Mac against this exploit, we recommend that you enable "Remote Management" in System Preferences -> Sharing. So that enabling it does not grant anyone remote access, you can then select "Allow Access for: Only These Users" and remove any users listed.

If you have any questions, please contact eas-itap@purdue.edu.