Posts with tag ard

ARDAgent setuid allows root access, but there's a sort-of fix

Updates: See the end of the post for current info.

We've been getting quite a bit of email since yesterday's anonymous Slashdot posting of a security problem with ARDAgent on Mac OS X 10.4 and 10.5, and there's plenty of Twittering going on over the issue.

Here's the deal: ARDAgent is the application that responds to Apple Remote Desktop remote administration requests, screen sharing and the like; you can find it in /System/Library/CoreServices/RemoteManagement on 10.5 machines.

In order to go do the voodoo that you do so well when you're administering remote Macs, ARDAgent needs to be 'setuid root' -- it needs to run with the privileges and access that belong to the system administrator, the same way you do temporarily whenever you unlock a system preference or install an application with Apple's installer. This is normal and expected behavior.

What's not so normal and expected is that ARDAgent will execute the 'do shell script' AppleScript command (on behalf of remote admins, normally, who need to run Unix commands from time to time). The problem here is that since ARDAgent is setuid root, any subprocess it launches is running with administrator permissions, and in fact with the right malicious scripting here it would be possible to do a great deal of damage. Granted, in order to activate this vulnerability the attacker would either have to be at the machine, or logged in remotely with the same account that is currently in use... or just convince the user to run a malicious downloaded application. Yikes.

The good news is, there's a very simple workaround (courtesy of the fine folks at Intego -- note that if you actually use VirusBarrier to disable ARD's shell script access as they recommend, and your machine is managed remotely, your administrator may take some umbrage). It turns out that if ARD's remote access features are turned on, via the Sharing pane in System Preferences, you're clear. Even if there aren't any users permitted to administer your machine, the 'do shell script' command that ARDAgent runs is neutered and cannot be exploited in this fashion. Most home and small office Macs wouldn't normally have this turned on, but once you activate it you should be protected. Our basic instructions can be found here. [See update below -- turns out the fix may not protect you fully.]

Stay safe out there!

Update: Thomas Ptacek of Matasano weighs in on this flaw and offers some additional workarounds, but he doesn't seem overly concerned.

Update 2: Commenter (and Mac OS X security pro) Zack Smith, along with Chris Barker, points out that it's possible to kill the ARDAgent process and immediately run the osascript command, which bypasses the protection that running ARDAgent under launchd provides. Under those circumstances an attacker or someone sitting at your machine could still run commands as root, much to your chagrin.

To prevent this, one approach is to change the permissions on the ARDAgent application bundle -- note that this will both break with future system updates or permissions repairs, and may adversely affect administrative access to your machine from legitimate managers:

sudo chmod -R u-s /System/Library/CoreServices/RemoteManagement/ARDAgent.app

You can also simply archive and remove ARDAgent.app if you don't plan to be managed by anyone.
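The chmod workaround above is easy to apply but just as easy to lose (a permissions repair or system update can put the setuid bit back), so a practitioner wants a repeatable check rather than a one-off command. The following is an added example, not code from the post or from Apple: a small POSIX shell script that audits an application bundle for setuid-root binaries, applies the post's `chmod -R u-s` mitigation, and confirms the bit is gone. It builds a constructed fake bundle in a temporary directory so it runs anywhere without touching the real ARDAgent.app; the path in the comment is the real 10.5 location from the post.

```shell
#!/bin/sh
# Added example (not from the TUAW post): audit a bundle for setuid files,
# strip the bit the way the post recommends, and verify the result.
# Real bundle on Mac OS X 10.5:
#   /System/Library/CoreServices/RemoteManagement/ARDAgent.app

# count_setuid DIR -> prints the number of regular files under DIR with the setuid bit set
count_setuid() {
    find "$1" -type f -perm -4000 2>/dev/null | wc -l | tr -d ' '
}

# list_setuid DIR -> prints each setuid file under DIR, one per line
list_setuid() {
    find "$1" -type f -perm -4000 2>/dev/null
}

# audit_bundle DIR -> exit status 0 if no setuid files, 1 if any were found
audit_bundle() {
    n=$(count_setuid "$1")
    if [ "$n" -gt 0 ]; then
        printf 'WARN: %s setuid file(s) under %s\n' "$n" "$1"
        list_setuid "$1"
        return 1
    fi
    printf 'OK: no setuid files under %s\n' "$1"
    return 0
}

# strip_setuid DIR -> the post's mitigation, applied recursively to DIR
strip_setuid() {
    chmod -R u-s "$1"
}

# make_fixture -> creates a constructed, fake ARDAgent.app in a temp dir with a
# setuid helper inside, and prints the bundle path (test data, not the real agent)
make_fixture() {
    d=$(mktemp -d)
    mkdir -p "$d/ARDAgent.app/Contents/MacOS"
    printf '#!/bin/sh\necho agent\n' > "$d/ARDAgent.app/Contents/MacOS/ARDAgent"
    chmod 4755 "$d/ARDAgent.app/Contents/MacOS/ARDAgent"
    printf '%s\n' "$d/ARDAgent.app"
}

# Demo run against the constructed fixture: audit, mitigate, audit again.
bundle=$(make_fixture)
if ! audit_bundle "$bundle"; then
    strip_setuid "$bundle"
    audit_bundle "$bundle"
fi
```

On a real 10.5 machine you would point `audit_bundle` at the ARDAgent.app path above (and run `strip_setuid` with `sudo`); rerunning the audit after each Software Update or permissions repair tells you whether the bit has come back, which is the caveat the post raises. Note that `-perm -4000` only reports the setuid bit being set; on a volume mounted `nosuid` the bit is present but not honored, so the audit errs on the side of flagging it.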

Thanks to everyone who sent this in, and thanks to Intego for pointing out the workaround.

LANrev releases free version of InstallEase

Who can take some software, bundle it for you? Make a free installer and then seal it up with glue? InstallEase can (with apologies to Sammy Davis, Jr.). The packaging utility, long part of the LANrev cross-platform management & audit tool, is now available free of charge -- making it very complementary to other no-cost packaging tools such as Apple's PackageMaker and the freeware Iceberg, and it compares in functionality to the $99 Casper Composer tool (also available as part of the comprehensive Casper Suite).

The idea behind both InstallEase and Composer is simple: suppose you want to install a new application on 20 computers, complete with plugins and pref files. Rather than walking around to each one, you snapshot your pre-install state on a prototype machine using InstallEase, then install the software; finally, take an 'after' picture. Just like that, you've created a package installer that can be run by the individual users, pushed out with ARD, LANrev, Casper etc., or triggered to run from a remote server. It's a great timesaver, especially for programs that don't leverage Apple's .pkg installer format for standardized deployment -- Office 2004, for example.
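To make the before/after snapshot idea concrete, here is an added example that is not InstallEase's or Composer's own code: a POSIX shell implementation of the same technique. It records a checksum, size and path for every file under a prototype root, diffs the two snapshots with `comm` to find files that were added or modified by the install, and copies just those files into a payload directory that a package could be built from. The prototype tree and the "install" are constructed in a temporary directory so the script runs offline; the checksums in the snapshot double as an integrity record for the payload.

```shell
#!/bin/sh
# Added example (not InstallEase/Composer code): before/after snapshot packaging.

# snapshot ROOT OUT -> writes one sorted line per regular file under ROOT:
#   "<crc> <size> ./relative/path"   (cksum format, sorted for comm)
snapshot() {
    ( cd "$1" && find . -type f -exec cksum {} \; | sort ) > "$2"
}

# changed_files BEFORE AFTER -> prints paths of files that are new or whose
# checksum/size changed (lines present only in the AFTER snapshot)
changed_files() {
    comm -13 "$1" "$2" | cut -d' ' -f3-
}

# removed_files BEFORE AFTER -> prints paths present before but gone after
# (an installer would need an uninstall/preflight step for these)
removed_files() {
    comm -23 "$1" "$2" | cut -d' ' -f3- | sort > "$3.tmp" 2>/dev/null || true
    comm -23 "$1" "$2" | cut -d' ' -f3- | while IFS= read -r f; do
        [ -e "$3/$f" ] || printf '%s\n' "$f"
    done
    rm -f "$3.tmp"
}

# build_payload BEFORE AFTER SRC DEST -> copies each changed file from SRC into
# DEST, preserving its relative path, so DEST mirrors what the package installs
build_payload() {
    changed_files "$1" "$2" | while IFS= read -r f; do
        mkdir -p "$4/$(dirname "$f")"
        cp -p "$3/$f" "$4/$f"
    done
}

# make_prototype -> constructed pre-install tree in a temp dir; prints its root
make_prototype() {
    d=$(mktemp -d)
    mkdir -p "$d/Applications" "$d/Library/Preferences"
    printf 'unchanged\n' > "$d/Applications/Existing.txt"
    printf 'old prefs\n' > "$d/Library/Preferences/com.example.plist"
    printf '%s\n' "$d"
}

# simulate_install ROOT -> constructed stand-in for running the vendor installer:
# adds an app and a plugin, and rewrites an existing preference file
simulate_install() {
    mkdir -p "$1/Applications/NewApp.app/Contents/MacOS" "$1/Library/Plugins"
    printf 'binary\n' > "$1/Applications/NewApp.app/Contents/MacOS/NewApp"
    printf 'plugin\n' > "$1/Library/Plugins/NewApp.plugin"
    printf 'new prefs\n' > "$1/Library/Preferences/com.example.plist"
}

# Demo: snapshot, "install", snapshot again, list the delta, build the payload.
root=$(make_prototype)
before=$(mktemp); after=$(mktemp); payload=$(mktemp -d)
snapshot "$root" "$before"
simulate_install "$root"
snapshot "$root" "$after"
printf 'Files the package must carry:\n'
changed_files "$before" "$after"
build_payload "$before" "$after" "$root" "$payload"
```

The `changed_files` list is what the package payload contains; `Applications/Existing.txt` is untouched by the install and so never appears in it. The deliberate simplifications are that paths are assumed not to contain spaces (cksum output is split on the space), and that the snapshot ignores ownership and mode, which a real packager has to capture as well. In practice you would take the snapshots as root so files under directories your user cannot read are not silently missed.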

If you've got a passel of Macs to manage and you haven't tried InstallEase yet, give it a download and check it out.

Getting ARD Admin to Run on Intel Macs

I spend a significant amount of time using Apple Remote Desktop Admin every day at work. Aside from Radmind, it's my most valuable and useful tool for managing hundreds of Macintosh workstations in our labs and classrooms. I also have a brand-new 20" Intel iMac sitting on my desk, but until today, I've been unable to switch to it as my main computer because the ARD Admin software refuses to run on the new Intel machines.

Behold, a smart Mac admin somewhere has figured out how to get ARD Admin to run on an Intel Mac, and it's as simple as removing the Intel version of the ARD agent, allowing the Admin software to self-heal, and then relaunching the Admin app. More info and discussion here.

Now I can make my Intel iMac my main Mac desktop! So exciting the life of a Mac admin! Heh.
