Temporary Fix for ARDAgent Root Privilege Escalation

If you’re worried about the security problem with Apples Remote Desktop Sharing that I posted about yesterday, but still want to use the service, then here’s a quick solution:

Open Terminal and type, all on one line, the following command:

sudo chmod u-s /System/Library/CoreServices/RemoteManagement/
ArdAgent.app/Contents/MacOS/ARDAgent

Now if you use,
osascript -e 'tell app "ARDAgent" to do shell script "whoami"'you should get your own username back.