Skip to content
Thoughtful, detailed coverage of everything Apple for 33 years
and the TidBITS Content Network for Apple professionals

Security Update Patches Apple Remote Desktop

Security Update Patches Apple Remote Desktop — Apple has released Security Update 2004-10-27, a patch to Apple Remote Desktop Client 1.2.4 that prevents a remote user from starting an application behind the login window, which would allow the application to run as root. The vulnerability exists on Mac OS X 10.3 systems with Apple Remote Desktop Client 1.2.4 installed and Fast User Switching enabled. On an unpatched system that has a user logged in, but the login window visible via Fast User Switching, an Apple Remote Desktop user with privileges to do so can start an application, which would run as root. (The vulnerability requires that the Remote Desktop user have a valid username and password to access the system; it does not expose the machine to unauthorized use.)

<http://docs.info.apple.com/article.html? artnum=61798>

The 832K download, available through Software Update or the Apple Downloads page, only applies to Mac OS X 10.3 and later operating systems, and isn’t needed if Apple Remote Desktop has already been upgraded to version 2.1. [MHA]

<http://www.apple.com/support/downloads// securityupdate20041027ard.html>


Subscribe today so you don’t miss any TidBITS articles!

Every week you’ll get tech tips, in-depth reviews, and insightful news analysis for discerning Apple users. For over 33 years, we’ve published professional, member-supported tech journalism that makes you smarter.

Registration confirmation will be emailed to you.

This site is protected by reCAPTCHA. The Google Privacy Policy and Terms of Service apply.