Alerts
Zero-Day Tracker
Common Name:
Mac OS X ARDAgent Local Privilege Escalation
Date Disclosed:
6/18/2008
Date Patched:
7/31/2008
Vendor:
Apple
Application:
OS X 10.5
OS X 10.4
Potentially Earlier Versions
Description:
ARDAgent in Apple Mac OS X 10.5 and 10.4 allows local users to gain privileges via an osascript tell command. This vulnerability is actively being exploited by attackers to install a trojan on a target system.
Severity:
High
Code Execution:
Yes (Local Privilege Escalation)
Impact:
Simple Elevation of Privileges
This vulnerability allows an attacker to very simply elevate the privileges of a process to root. This allows for the full subversion of a system, potentially resulting in a persistent trojan or other malicious binary being installed with system-level privileges.
Mitigation:
Users are urged to open only AppleScripts or application bundles from known senders.
Protection:
- eEye's Retina® Network Security Scanner scans devices to detect this vulnerability.
Links:
First Public Disclosure
CVE-2008-2830
SecureMac: AppleScript.THT Trojan Horse Advisory
MacShadows: ARDAgent Exploit Wiki
Status:
6/18/2008 In-The-Wild Exploitation Witnessed
