To revisit the:ARDAgent.app security vulnerability

As early as in 2008,Apple's operating system is broke so a security incident。

That is the system program ARDAgent.app。This application is a system level,It has the highest level of authority - the root / administrator privileges。

That is,It do anything on the computer,They are permitted does not require,You do not need to know。This program is part of the Mac remote login,It is no window,It will not appear in your dock bar。Will only start when needed,Get root access,do anything。

This program was originally used laboratory debugging purposes,Or will only be enabled when a network administrator large quantities of remote operation,But there are always two sides to everything,I will not burst one might mention the right to use this program remote,Then it can execute arbitrary code on your computer - Well,Apple did not make any response to this vulnerability。

Until now,As if the problem - the potential vulnerabilities and no one has been concerned about how,In particular heavenly fart ......

In short,Why mention this thing again today routing it,Because in seven years,I once again encountered this problem。

Tip program SUID file has been modified and will not be repaired

Tip program SUID file has been modified and will not be repaired

This error is encountered using the system comes with the disk management tool to check permissions when。

Search,I found this page,It is Apple's official TS Page "Mac OS X:You can safely ignore the Disk Utility's Repair Disk Permissions Information"Nature,This error message is included,That is,this is normal、safe。

  • Warn:SUID file "System / Library / CoreServices / RemoteManagement / ARDAgent.app / Contents / MacOS / ARDAgent" has been modified,Will not be repaired。

 

But either way,This thing has not been previously modified out,But now it is being modified,Considering that most people should not use this "is the remote control" feature,So I think it's good to do something。

Follow the prompts,We are at

Found in this directoryARDAgent.appThis application,Then,To avoid this potential security threat,The best way is toDeletedFriends ~

Oh,Remember deleting,It put a zip file compression,

Right-click on,Options in the pop-up menu, select "Compression"

Then good compressionARDAgent.appBecause the file permission issues,You will be placed on your desktop,then,You can rest assured that bold delete thisARDAgent.app,And then towed back to the original desktop compressed backup directory just fine。(These two steps will require you to enter the current user's password to gain permission。)

Such,Check the disk permissions again,That error has disappeared,Next time, if necessary,Just go to the corresponding directory can unlock the archive。

Original article written by LogStudio:R0uter's Blog » To revisit the:ARDAgent.app security vulnerability

Reproduced Please keep the source and description link:https://www.logcg.com/archives/843.html

About the Author

R0uter

The non-declaration,I have written articles are original,Reproduced, please indicate the link on this page and my name。

Comments

  1. I tried it,Although there is no warning beyond repair tips,But verify permissions when there will be a bunch of permissions error,Then after repair,Discovery appeared warning,I was 10.9.5,I think before the release of Apple's security patches may be changed this file

    1. Ah ...... my version 10.10.2,Currently everything is normal,You say there is no problem of authority once again broken。Of course,I'm weird that the problem lies duet on this dual-screen software conflicts,The old loophole estimated's all right .......................................... ha ha

Leave a Reply

Your email address will not be published. Required fields are marked *