Rare Mac Trojan exploits Apple vuln

"Once Again, Don't give it your password "

From the article and from what Phil Arundell says, it sounds like you install the script and the script requests some actions from the Remote Desktop Agent. The harmful acts are performed by the desktop agent, so that's the program you would need to change permissions to. Conversely, you could easily execute the script from anywhere without giving it your password.

So, a real security threat but one that's easy to avoid. As an OS X user, I'm hoping that we see more of these in the short term, so that Apple are forced to start being a bit more sensible about security, rather than claiming that if the kernel and most of the core libraries are secure then the OS must be.


Back to the forum


Biting the hand that feeds IT © 1998–2017