Apple から、セキュリティアップデートがリリースされています。

• About Security Update 2008-005

現時点では、日本語での解説が掲載されていないものの、ARDAgent の問題に対応しています。

Open Scripting Architecture

CVE-ID: CVE-2008-2830

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.4, Mac OS X Server v10.5.4

Impact: A local user may execute commands with elevated privileges

Description: A design issue exists in the Open Scripting Architecture libraries when determining whether to load scripting addition plugins into applications running with elevated privileges. Sending scripting addition commands to a privileged application may allow the execution of arbitrary code with those privileges. This update addresses the issue by not loading scripting addition plugins into applications running with system privileges. The recently reported ARDAgent and SecurityAgent issues are addressed by this update. Credit to Charles Srstka for reporting this issue.

今すぐアップデートを！