About the security content of Apple Remote Desktop 3.2.2
This document describes the security content of Apple Remote Desktop 3.2.2, which can be downloaded and installed via Software Update preferences, or from Apple Downloads.
For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.
This article has been archived and is no longer updated by Apple.
Apple Remote Desktop 3.2.2
Apple Remote Desktop
Available for: Apple Remote Desktop 3.2.1, Mac OS X v10.3 through v10.5.5, Mac OS X Server v10.3 through v10.5.5
Impact: A local user may execute commands with elevated privileges unless Security Update 2008-005 has been installed
Description: A design issue exists in the Open Scripting Architecture libraries when determining whether to load scripting addition plugins into applications running with elevated privileges. This update mitigates the issue for Apple Remote Desktop by disabling scripting of ARDAgent. This issue does not affect systems that have applied Security Update 2008-005. Credit to Charles Srstka for reporting this issue.