Ok so this is probably the first flaw that might be worth mentioning, and since I am sure it will be I figure I will post some general info on it.
There is a flaw in Apple Remote Desktop that allows a trojan to gain complete access to the system. It does so because ARD (Apple Remote Desktop) can run AppleScripts as root. This is being exploited; it is unclear whether it requires you to enter a password or not to actually be vulnerable, but based off what I have seen thus far I would lean towards you might be vulnerable without a password.
There is also a VERY basic workaround apparently. As counterintuitive as it is, turning ON Apple Remote Desktop access on your computer will prevent you from being vulnerable. The reason is turning on the service also enables some security checks that were apparently not thought needed when the service was not enabled. There is actually a bit of logic there, but it doesn't need to be gone into here for the moment.
So yes, an exploit does exist. Yes, this will likely get patched quickly. NO, this is NOT a virus. In the meantime, don't download random programs from places you don't trust, or the standard targets of LimeWire, Gnutella, BitTorrent, etc. And if you are worried about it, you can turn on Apple Remote Desktop. To be honest, I personally won't be concerned with it. In order to have a problem you have to first download and install the AppleScript, not something I have a habit of doing.
Seablade

, which is why this exploit can work. As I said though, will probably be fixed pretty quick and is extremely easy to prevent.