Sergi Castillo


Important security issue on Mac OS X

June 26th, 2008 by sergi

A few days ago a friend of mine sent me an email explaining that an important security problem had recently been discovered in Mac OS X.

The issue lies in the implementation of AppleScript and has been present since at least Mac OS X “Panther”. Applications running with root privileges can accept commands from other applications that are not running with root privileges and then execute those commands as superuser. So running some applications, such as installers or simply Onyx, could open a backdoor to any hacker.

To reproduce the problem, open a Terminal and type:

whoami

It tells you who you are; in this case it shows your username. Now type:

osascript -e 'tell application "ARDAgent" to do shell script "whoami"'

and… who are you? root!!!

This is because the ARDAgent executable has the setuid bit set and is owned by root, so it always runs as root no matter who launches it. The problem is easy to understand and easy to solve too: you only have to change this bit. Open the Terminal again if you closed it and type:

sudo chmod 755 /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent

This command changes the permissions of the executable (mode 755 clears the setuid bit) and solves the problem. Be aware that repairing permissions will undo this change, so save this line in a safe place.
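Because a permissions repair silently restores the setuid bit, it helps to re-check the executable afterwards. The script below is an added example, not part of the original post; the function names are hypothetical, and only the ARDAgent path comes from the text above.

```shell
#!/bin/sh
# Added example: verify that the setuid mitigation on ARDAgent is still in place.
# Path taken from the post; function names are assumptions made for this example.
ARDAGENT="/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent"

# has_setuid PATH: succeeds if PATH is a regular file with the setuid bit set.
has_setuid() {
    [ -f "$1" ] && [ -u "$1" ]
}

# is_setuid_root PATH: succeeds if PATH is setuid AND owned by uid 0,
# i.e. it runs as root whoever starts it.
is_setuid_root() {
    has_setuid "$1" && [ -n "$(find "$1" -prune -user 0 2>/dev/null)" ]
}

# list_setuid DIR: print every setuid regular file below DIR, to review
# what else on the system runs with its owner's privileges.
list_setuid() {
    find "$1" -type f -perm -4000 -print 2>/dev/null
}

# check_ardagent [PATH]: report the state of the executable.
# Returns 0 if it is absent or no longer setuid root, 1 if still exposed.
check_ardagent() {
    target="${1:-$ARDAGENT}"
    if [ ! -e "$target" ]; then
        echo "not present: $target"
        return 0
    fi
    if is_setuid_root "$target"; then
        echo "setuid root is set on $target"
        return 1
    fi
    echo "ok: $target is not setuid root"
    return 0
}

# Run the check; if the bit has come back, show the fix from the post.
check_ardagent || echo "re-apply: sudo chmod 755 $ARDAGENT"
```

Run it after every permissions repair or system update; `list_setuid /System/Library/CoreServices` gives the wider list of setuid files to review.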

Filed under Apple having No Comments »


Java 6 is officially supported in Leopard

April 30th, 2008 by sergi


My Software Update gave me some impressive news: Java for Mac OS has an update that adds support for Java 6 SE. As the document from Apple says, this version doesn’t change the default version of Java, which continues to be version 1.5.

It’s great news for Java developers. I think Apple has been a bit late, but as we say in Spain, better late than never :P

Filed under Apple, Java having No Comments »


Leopard 10.5.2 is out!

February 11th, 2008 by sergi

Apple has just released the long-awaited update for Mac OS X Leopard. This is a very large update, 341 MB in size, and it contains a lot of fixes and changes, 180+.

In my opinion this is the real Mac OS X Leopard, the OS that Steve Jobs wanted to release as the first version but didn’t, because another delay would have been horrible for the company’s image and its shares… so he preferred to sell an unfinished OS and shut some people up rather than sell this final version that sees the light today.

I have been waiting for this update since Leopard came out before installing it. I had read some criticism of Leopard and preferred to wait until a very large update came… and here it is. This weekend I’m going to install Leopard on my MacBook and update to 10.5.2…

Filed under Apple having 3 Comments »