Home / mailings APPLE-SA-2008-09-16 Apple Remote Desktop 3.2.2
Posted on 16 September 2008
Apple Security-announce-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2008-09-16 Apple Remote Desktop 3.2.2
Apple Remote Desktop 3.2.2 is now available and addresses the
following issue:
Apple Remote Desktop
CVE-ID: CVE-2008-2830
Available for: Apple Remote Desktop 3.2.1,
Mac OS X v10.3 through v10.5.5, Mac OS X Server v10.3 through v10.5.5
Impact: A local user may execute commands with elevated privileges
unless Security Update 2008-005 has been installed
Description: A design issue exists in the Open Scripting
Architecture libraries when determining whether to load scripting
addition plugins into applications running with elevated privileges.
This update mitigates the issue for Apple Remote Desktop by disabling
scripting of ARDAgent. This issue does not affect systems that have
installed Security Update 2008-005. Credit to Charles Srstka for
reporting this issue.
Apple Remote Desktop 3.2.2 may be obtained from the Software Update
pane in System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
For Apple Remote Desktop 3.2.2 Client
The download file is named: "RemoteDesktopClient.dmg"
Its SHA-1 digest is: b1a81f17724d9b2f7b6dbffed56bc9a0463d1d7e
For Apple Remote Desktop 3.2.2 Admin
The download file is named: "RemoteDesktopAdmin322.dmg"
Its SHA-1 digest is: d9657c10ed4bc29cfe8cc64e0727ffd4ed8a1425
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/
