No password required
I would like to point out to the fanboys that in the case of this exploit, no, you do not have to input your admin password and nor will you be asked for it. The ARD agent is taking an AppleScript request from a non-privileged user and executing it as ROOT.
If you couple this with say, a drive-by browser exploit, then you have a *serious* problem.
I was able to get the exploit to work remotely on my Macs but only with known credentials for a user on the remote machine and of course events must be enabled (not default behaviour), but it is potentially remotely exploitable.