By John Gruber
WorkOS: APIs to ship SSO, SCIM, FGA, and User Management in minutes. Check out their launch week.
- Brian Krebs on Trojan Toolkit Based on ARDagent Security Hole
-
Leopard’s ARDagent — the background process that handles Apple Remote Desktop access — has a security hole, where it allows arbitrary AppleScripts to run as root, and, since AppleScript can execute shell scripts, arbitrary shell code to run as root too. Brian Krebs has uncovered proof-of-concept code that takes advantage of the hole.
★ Tuesday, 24 June 2008