Results tagged “Intego” from Remember the human

Slashdot yesterday posted Mac OS X Root Escalation Through AppleScript, which describes a vulnerability in a core component of Mac OS X 10.4 and 10.5. I was not able to reproduce this on my Tiger system at work but that’s just one machine.

The example given in the post is:

osascript -e 'tell app "ARDAgent" to do shell script "whoami"'

So what does this do? If you copy and paste the above code into the Terminal application found in /Applications/Utilities and then hit return, you’ll receive this in return: