The Mac Observer

Skip navigational links

DealsOnTheWeb Daily Deal: 80GB iPod Classic: $209 Delivered

Apple Releases Security Update Affecting Apple Remote Desktop

by , 5:05 PM EDT, October 27th, 2004

Apple has released Security Update 2004-10-27 for Mac OS X. The update deals with an issue that makes it possible for applications to be run with root privileges under certain circumstances involving Apple Remote Desktop. Apple's release notes:

Available for: Apple Remote Desktop Client 1.2.4 with Mac OS X 10.3.x

Impact: An application can be started behind the loginwindow and it will run as root.

Description: For a system with these following conditions

  • Apple Remote Desktop client installed
  • A user on the client system has been enabled with the Open and quit applications privilege
  • The username and password of the ARD user is known
  • Fast user switching has been enabled
  • A user is logged in, and loginwindow is active via Fast User Switching

If the Apple Remote Desktop Administrator application on another system is used to start a GUI application on the client, then the GUI application would run as root behind the loginwindow. This update prevents Apple Remote Desktop from launching applications when the loginwindow is active. This security enhancement is also present in Apple Remote Desktop v2.1. This issue does not affect systems prior to Mac OS X 10.3. Credit to Andrew Nakhla and Secunia Research for reporting this issue.

The update is being recommended for all users, though it only effects Apple Remote Desktop. The update weighs in at 832k, and can be found in Software Update, or on Apple's security update page.

Observer Comments

Show: Subjects Only | Full Comments
Comment on this Article

Log in | Register | Having Problems? Reset TMO Cookies & Try Again
Username:   Password:   Log me on automatically each visit   

You are not logged in, and this post will appear as "Guest." Log in with your username and password from the TMO forums. If you do not have a username, you can register here.
Please note that guests are limited to including a maximum of two URLs per post.


Post A Comment
  Subject


  Your Comments



Please enter the word exactly as you see it in the image above. Registered users aren't prompted for this. Having trouble reading the image get a new one.


Recent Headlines - Updated Tuesday, May 13th, 2008

Tue., 5:00 PM
iPodObserver - CW: AT&T's 3G Network Leaves Verizon, Sprint in the Dust
4:00 PM
Montage 1.5 Gets New Styles System, Scene Navigation Enhancements
3:45 PM
RIM's Empire Strikes Back at Apple
3:00 PM
C|Net: Remote Possibilities for Apple
2:55 PM
Mac Gaming News - World of Warcraft Patched to 2.4.2 - Class Changes, Mac Fixes
2:20 PM
Apple Publishes Details on WWDC Keynote
1:40 PM
Office 2008 for Mac Sales Soaring
11:50 AM
Apple Gives Retail Store Site a New Look
11:10 AM
Mac Gaming News - Friction Games Ships Penumbra: Black Plague
10:40 AM
Hot Forum Topic - The Mighty-dirty Mouse
10:05 AM
Adobe Updates DNG Specification with Camera Profiles
9:35 AM
iPodObserver - HBO Joins iTunes with Two-tier Pricing
8:35 AM
Apple Rolls Out "New Get a Mac" Ads
8:10 AM
PageSender 4.3 Enhances Menu Options, More
7:40 AM
Podcast - Apple Weekly Report #125: iPhone Expansion, NBC and Zune, Apple's Eco-stance
3:10 AM
MS Office 2008 SP1 Improves Stability, Security, More
3:05 AM
Microsoft Says Visual Basic Returning to Office
 

The Mac Observer Reader Specials

Apple Stock Quote

  • AAPL: $189.96. Change Today: +1.80.
  • (Prices delayed up to 20 minutes.)
  • Discuss in our Apple Finance Board

Hot Topics

Top Deals From DealsOnTheWeb