critical vulnerability found in Apple Remote Desktop

Security organization Intego has issued an advisory on a piece malicious software that could allow remote users to take control of a compromised system. The exploit is a root privilege escalation, and does require the user to enter their administrator password in order for the software to successfully run. According to the security alert issued by Intego, "A vulnerability has been discovered that allows malicious programs to execute code as root when run locally, or via a remote connection, on computers running Mac OS X 10.4 and 10.5. This vulnerability takes advantage of the fact that ARDAgent, a part of the Remote Management component of Mac OS X 10.4 and 10.5, has a setuid bit set. Any user running such an executable gains the privileges of the user who owns that executable. In this case, ARDAgent is owned by root, so running code via the ARDAgent executable runs this code as root, without requiring a password. The exploit in question depends on ARDAgent’s ability to run AppleScripts, which may, in turn, include shell script commands."