[原文]Apple Remote Desktop Client 1.2.4 executes a GUI application as root when it is started by an Apple Remote Desktop Administrator application, which allows remote authenticated users to execute arbitrary code when loginwindow is active via Fast User Switching.
Remote Desktop contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered at launch of Remote Desktop when loginwindow is active via Fast User Switching. This flaw may lead to a loss of integrity.
Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch to address this vulnerability.