Posted on July 5, 2008

The ARDAgent Exploit(s): Fact from Fiction

This is a message from a friend of mine that should help clear up any speculation about the recent AppleScript Trojan that has been going around (or so we hear).

I am a long-time user of UNIX-based OSes and thought I would give my opinion of the ARDA exploit.

DISCLAIMER: These statements are simply my opinion, and have no warranty nor guarantee.

There has been a LOT of talk and speculation about the ARDA exploit. Let’s separate the facts from the rumors:

  • There is no CONFIRMED wild use of the exploit! However, there has been talk on hacker sites of how to distribute it over things like links in iChat.
  • Still, to be safe, ONLY install apps or run scripts from trusted sources.
  • The exploit requires that a user runs something (even without the administrator password!). You cannot be infected without installing something, or running a script.
  • There is no way (at the time of this writing) to tell if your Mac has been exploited because there are no uniform symptoms as there might be with Windows exploits.
  • The exploit gives the attacker root access over the Mac. They have absolute power over the Mac. Again, THEY CAN DO ANYTHING!
  • There have been many so-called “fixes” for this attack. As a UNIX geek, I recommend NOT trying these fixes.
  • Why? One, there is no guarantee that these will fix all forms of the exploit. Two, it is highly possible that these workarounds could prevent a future official Apple patch from actually fixing the problem!
  • The 10.5.4 update appears NOT to have fixed the exploit.

The bottom line:

Be careful what you install/run/click on. Don’t try any unofficial fixes, and just sit tight for an official Apple update.
