Rare Mac Trojan exploits Apple vuln

Didn't take long

As soon as I read about the idiotic decision to have the SUID bit set on the Apple Remote Desktop Agent, it was obvious there would be an exploit for it. This is a massive security hole in OS X and there's not really any way of defending it: a simple shell script can gain root privileges not by exploiting buffer overruns, etc., but almost by design!

The Apple Remote Desktop Agent is scriptable and runs all scripts passed to it as root because of the SUID bit: this really is security 101 stuff, and it makes you wonder how many other holes exist under the hood of OS X.

You can protect yourself from this by unsetting the SUID bit, but if you subsequently run permissions repair on the disk, OS X will "helpfully" put it back for you...

Microsoft have had a lot of (justified) stick for security issues in various versions of Windows, but this is probably the worst security issue I've seen in years, simply because someone has made a conscious decision to set up the remote desktop agent in that way.

Finally, a few comments on here have tried to defend it by saying it has to be installed by the user: that is the definition of a trojan, and the big difference with this over earlier "trojans" is that the root escalation means it can do what it wants without triggering the secondary authentication that has kept other malware from freely doing what it wants on a Mac.

This will probably hit Macs hard because many Mac users are lax about running downloaded apps because they expect the OS to protect them, and have no additional malware protection on the machine.

And before I get flamed by Mac users trying to defend this, I am a Mac user myself and, as I said at the start, this is simply indefensible.
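The post's mitigation (unset the SUID bit) and its caveat (permissions repair quietly puts it back) both come down to one thing a defender needs: a repeatable check that a given binary does not carry the setuid bit, and an inventory of setuid files that can be diffed between runs. The following POSIX shell script is an added example and is not part of the forum post or of any Apple tooling; the `ARD_AGENT_PATH` value is a placeholder you must replace with the agent's real location on your system, since the post does not give the path.

```shell
#!/bin/sh
# Added example (not from the forum post): audit setuid bits so that a
# permissions repair re-enabling one is noticed rather than silently trusted.

# Placeholder path; the post does not state where the agent binary lives.
ARD_AGENT_PATH="${ARD_AGENT_PATH:-/path/to/ARDAgent}"

# is_setuid FILE
#   exit 0 if FILE has the setuid bit (mode 04000) set,
#   exit 1 if it exists without the bit,
#   exit 2 if FILE does not exist.
# -prune keeps find from descending if FILE is a directory; -perm -4000
# matches any mode that includes the setuid bit.
is_setuid() {
    [ -e "$1" ] || return 2
    [ -n "$(find "$1" -prune -perm -4000 -print 2>/dev/null)" ]
}

# list_setuid DIR
#   print every regular file under DIR that carries the setuid bit, one per
#   line. Save the output and diff it after a permissions repair to see what
#   was put back.
list_setuid() {
    find "$1" -type f -perm -4000 -print 2>/dev/null
}

# report_agent [PATH]
#   human-readable verdict for a single binary (defaults to the placeholder).
report_agent() {
    p="${1:-$ARD_AGENT_PATH}"
    rc=0
    is_setuid "$p" || rc=$?
    case "$rc" in
        0) echo "WARNING: setuid bit is set on $p (remove with: chmod u-s \"$p\")" ;;
        1) echo "OK: no setuid bit on $p" ;;
        *) echo "SKIP: $p does not exist (set ARD_AGENT_PATH to the real path)" ;;
    esac
    return "$rc"
}

# Only act when invoked with arguments, so the file is also safe to source:
#   sh audit_suid.sh /path/to/binary       -> verdict for one file
#   sh audit_suid.sh --list /some/dir      -> inventory of setuid files
if [ "$#" -gt 0 ]; then
    if [ "$1" = "--list" ]; then
        list_setuid "${2:-/}"
    else
        report_agent "$1"
    fi
fi
```

Running the inventory before and after a permissions repair and diffing the two lists is the practical answer to the post's complaint: the repair may restore the bit, but it cannot do so unnoticed.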
