Few days ago a friend of mine sent me an email explaining that an important security problem has been recently discovered on Mac OS X.

The issue lies in the implementation of AppleScript since at least Mac OS X “Panther”. Applications running with root privileges could accept commands from other applications that are not running with root privileges and then execute this second command as superuser. So, running some applications like installers or simply Onyx could open a backdoor to any hacker.

Exploding the problem, open a Terminal and write

whoami

it tells who are you, in this case it shows your username. Now write:

osascript -e 'tell application "ARDAgent" to do shell script "whoami"'

and… who are you? root!!!

This is because ARDAgent has the corresponding bit to the setuid especified to root. The problem is easy to understand and easy to solve too, you only have to change this bit. Open another time the Terminal if you don’t and type

sudo chmod 755/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent

This command change the permissions of the executable and solves the problem. You have to know when you will repair the permissions this change will disappear, so save this line in a good place.