ARDAgent local exploit combined with netcat

This message was brought to you by Fiery Ferret. For more information, visit www.fieryferret.com

The original post on this exploit can be found at http://it.slashdot.org/article.pl?sid=08/06/18/1919224

Protecting yourself

  1. Enable Parental controls and lock down all but the apps necessary to run
  2. Disable your guest account
  3. Run and maintain your firewall
  4. Switch off services from your Sharing preference pane that you don't need
  5. Patch /Library/Preferences/com.apple.ARDAgent.plist

As you can see in the video, this attack is only valuable if someone can run commands on your computer. To protect yourself from users who have access but aren't administrators, the easiest solution is to enable parental controls from System Preferences, locking down all but the apps they need to use. Disabling the guest account, closing ports, and running your firewall carefully are important as well. Taking care of your external connection matters too: if someone can establish a network connection to your machine, a small flaw in a running program may be exploitable, giving that user just enough access to do what you just saw.

Patching ARDAgent's plist

A temporary fix for the problem has surfaced. Ironically, having ARDAgent running in the background prevents it from being accessed using the osascript command. TUAW has posted a detailed guide on how to make this work: http://tuaw.com/ardfix/

This page will be updated with more information as it becomes available. If you have a tip, contact Brent at .