Apple issues patch for Mac OS X hole
Apple Computer releases a security update that, among other fixes, closes a hole in Mac OS X that could have allowed hackers to take control of a computer under particular circumstances.
A DHCP server assigns a TCP/IP address to a computer and, under the earlier default settings, a Mac running one of the above-listed OSes would accept data from DHCP servers found on a local area network.
If a hacker inserted a malicious DHCP server on a local network, he or she could then exploit Apple's earlier default setting to embed malicious software on a computer or use the computer as a drone for coordinated attacks on other systems.
An Apple representative said the probability of a hack occurring was low, because the hacker would have to be an insider.
But William Carrel, a Mac user who runs a Mac security site, said an outside hacker who broke into a corporate network could add a DHCP server to that network. At that point, the outsider could take complete control of unpatched desktops.
Carrel discovered the flaw in November.
Apple's security update also fixes a buffer overflow vulnerability in a file system, plugs another vulnerability in Panther that could cause denial-of-service requests and in general improves the security features of the affected OSes.
"This is a general security update," the Apple representative said. Apple credited Secure Network Operations for reporting the denial-of-service vulnerability.
Further information on the update and a link for downloading can be found at Apple's site.
In a lot of ways, 2003 was the year of the hole. Microsoft acknowledged 119 vulnerabilities this year in Windows--47 in Windows 2000, 46 in Windows XP and 26 in Windows 2000 Server--and issued 76 security updates, according to the company.
And Linux and Apple weren't being left out. Security experts found vulnerabilities, albeit far fewer, with those operating systems this year, too. The number of flaws found in Linux will likely increase as well, according to Symantec CEO John Thompson, among others, as the target base increases.
Apple also issued security updates for Panther and Jaguar in November, regarding other vulnerabilities.