The Mac Observer


Apple Releases Security Update Affecting Apple Remote Desktop

5:05 PM EDT, October 27th, 2004

Apple has released Security Update 2004-10-27 for Mac OS X. The update deals with an issue that makes it possible for applications to be run with root privileges under certain circumstances involving Apple Remote Desktop. Apple's release notes:

Available for: Apple Remote Desktop Client 1.2.4 with Mac OS X 10.3.x

Impact: An application can be started behind the loginwindow and it will run as root.

Description: For a system with the following conditions:

  • Apple Remote Desktop client installed
  • A user on the client system has been enabled with the Open and quit applications privilege
  • The username and password of the ARD user is known
  • Fast user switching has been enabled
  • A user is logged in, and loginwindow is active via Fast User Switching

If the Apple Remote Desktop Administrator application on another system is used to start a GUI application on the client, then the GUI application would run as root behind the loginwindow. This update prevents Apple Remote Desktop from launching applications when the loginwindow is active. This security enhancement is also present in Apple Remote Desktop v2.1. This issue does not affect systems prior to Mac OS X 10.3. Credit to Andrew Nakhla and Secunia Research for reporting this issue.

The update is being recommended for all users, though it only affects Apple Remote Desktop. The update weighs in at 832k and can be found in Software Update or on Apple's security update page.
