About that “Huge, Crazy, Ridiculous OS X Security Hole” (updated)

So what about this “Huge, Crazy, Ridiculous OS X Security Hole” that has been making the rounds on the news sites? 

Well, it’s very simple.  There is no security whatsoever in place to prevent AppleScript messages between users on a local machine.  This means that any user can tell an app running as root to do something malicious. And, according to Charles Srstka, author of the popular Pacifist program, this security hole was reported as early as 2004! Wow.

Rixstep has an excellent writeup on the issue entitled “Huge, Crazy, Ridiculous OS X Security Hole.”  It’s a must-read for anyone interested in the issue.

Update: Rixstep’s follow-up article has even more gory details.
