More details from A mac IT Nerd.
I stumbled across a forum (shadowmac I think), where the participants were cobbling this together while I was googling failure conditions on the ARD exploit.
Social engineering is needed to get Trojan downloaded and for first run on target computer, in this case the run part is handled by a fake applescript warning concerning broken pref panes with a 'should I repair?' style pop up at login/app run.
Uses the recent ARD exploit to gain root access to box and enable services, swiss cheese the firewall etc, does not require user to enter any password.
Full exploit will only work if:
User that activates it is logged into GUI *AND* ARD has not been set up.
So simply turn Apple Remote Desktop on and set access privileges for a user in the sharing prefs to disable the exploit.
Hopefully there will be a patch for this rather embarrassing vulnerability shortly.
- +Comment Trips to Mars may be OFF: The SUN has changed in a way we've NEVER SEEN
- Vid Find email DIFFICULT? Print this article out and give it to someone 'techy'
- Back to the ... drawing board: 'Hoverboard' will disappoint Marty McFly wannabes
- Pic Forget the $2499 5K iMac – today we reveal Apple's most expensive computer to date
- Google+ goes TITSUP. But WHO knew? How long? Anyone ... Hello ...