Tag Archive for ‘theft’ at VigiMac, free anti-theft service for your Mac

Tag Archive for 'theft'

ARDAgent security hole with MacOS X 10.5.4

Published

on 1 July 2008

. 0 Comments

A security hole has been recently discovered, relayed by all websites of the Mac community. This vulnerability with the ARDAgent program gives access to the root superuser with a simple Applescript command :

$ osascript -e ‘tell app “ARDAgent” to do shell script “whoami”‘
root

If it does not always work with MacOS X 10.5.3 (and previous versions), this security issue is not yet fixed and can appear with the last MacOS X 10.5.4 update.

You’ll find different ways to possibly close this ARDAgent security hole on macosxhints.com, like this command :

$ sudo chmod 755
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent

If you use Apple Remote Desktop Admin, this command will avoid ARDAgent to launch.
Remote Desktop Admin will work thanks to this second command line and the issue doesn’t seem to appear anymore.

$ sudo chmod +s
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent

Firmware password : the best complement for VigiMac

Published

VigiMac

on 7 June 2008

in Vigimac

. 0 Comments

Our first advice to improve VigiMac : setting up a firmware password.
Defined with administrator privileges, this password is the best low-level protection for your Mac.
It avoids :
- your hard disk to be formatted,
- your Mac to be started up in target disc mode, from another disc, or another partition.

You’ll find on Mac OS X Install Disc 1 the utility to easily add or remove a firmware password.

The firmware password utility is available when booting from this DVD or by following our step by step video.

Hold the Alt key at startup to test this password.

Setting up a Firmware Password for your Mac