toggle

AAPL Stock: 99.02 ( + 1.35 )

Printed from http://www.macnn.com

Users "can't rely" on Leopard firewall

updated 06:10 pm EDT, Tue October 30, 2007

Leopard firewall flaw

Security experts have analyzed Apple's Mac OS X 10.5 Leopard firewall, and have declared the feature unreliable, according to heise Security. Firewalls are designed to prevent unwanted traffic -- such as denial of service attacks -- from entering a secured network, and are configured to prevent unauthorized access by intruders. The firewall in Mac OS X Leopard, however, comes pre-configured to allow all incoming connections and even deactivates previously-enabled firewalls when upgrading to Leopard. What's more, even when configured to deny all incoming connections the firewall still allowed incoming connections in one test.

"A number of peculiarities emerged in the course of testing. A newly booted MacBook refused time synchronisation - only to permit it a few moments later for no apparent reason without any changes to the security settings having been made. Further, it is not clear at what point Mac OS X starts which services, or how it decides which of these should be accessible and which should not."

The results mean Mac users can't rely on the firewall included with Mac OS X Leopard, according to the experts, because even if users choose to block all incoming connections potential attackers can continue to communicate with system services like the time server.

"Both system services run as root and do not appear to be supported by Leopard's new sandbox functions. If, therefore, a security problem which can be exploited remotely to inject and execute code is detected, an attacker could gain complete control over the system - with all the consequences this entails, right up to mass distribution via a worm."




by MacNN Staff

POST TOOLS:

TAGS :

toggle

Comments

  1. mgpalma

    Joined: Dec 1969

    0

    Disclaimer

    "If, therefore, a security problem which can be exploited remotely to inject and execute code is detected, an attacker could gain complete control over the system - with all the consequences this entails, right up to mass distribution via a worm."

    Which, of course, cannot be done. I love these guys...

  1. jameshays

    Joined: Dec 1969

    0

    More...

    Can you tell us why this cannot be done?

  1. MiMiC

    Joined: Dec 1969

    0

    Secure or Arrogant?

    I've read quite a bit on Apple's security and how good it is (UNIX), but my concern is Apple becoming arrogant about it. Being this is a HUGE reason why people switch (the number one reason people give me), this should be front and center at all times so as to not get the M$ image.

    People don't understand usability as they know nothing other than Windozz. Yes i have to tell people there are other OSes out there. 8 out of 10 don't even know what that means. BUT they do know what viruses are and Hackers! To tell them that Macs don't suffer from these makes for rather interesting conversation.

    If Apple slacks on this, even for a moment, they will lose one of their top talking points.

    Rich

  1. cblackmo

    Joined: Dec 1969

    0

    hmmm,

    Seeing that the vast moajority of users have little to no problems with security issues on Macs, wouldn't unpredictable firewall behavior be more a problem for hostile attackers trying to predict holes in security?

  1. normang

    Joined: Dec 1969

    0

    Even If....

    This is the initial release, if there really really really is a serious problem, it will be fixed in 10.5.1. which could show up any day now. And even if it doesn't show up for a month or more, your still more secure on OSX than you will ever be on any version of Windows.

  1. ClevelandAdv

    Joined: Dec 1969

    0

    Firewall

    The built-in firewall is the last line of defense in any secure system. I hope that this security expert found some isolated bug and not a widespread problem. I expect when I close a port via a firewall - it is closed!

    If this is turns out to be a real bug, Apple needs to fix it.

  1. BelugaShark

    Joined: Dec 1969

    0

    router

    Firewalls are best when used through your router. Unfortunately many users aren't technical enough to use that route, even OS firewall for that matter.

    note: Having both the OS firewall and a router's firewall creates better security.

  1. mgpalma

    Joined: Dec 1969

    0

    re: disclaimer

    All of of our exposure to the numerous "serious" security threats that exist have been of 'the sky is falling' sort. While 'proof of concepts' abound none, yes none, have surfaced in the wild and no consumer Mac users have had there Macs compromised. No one should be lax about security but I am a little tired of "oh the Macs are terrible and shouldn't be trusted" propaganda. As a Network Admin I am on the receiving end of more than my share of 'Macs are inferior' type of nonsense. When listening to these experts I am often reminded of the say, "It is better to keep silent and appear stupid, than to open your mouth and remove all doubt." Clearly, that is not a wildly held belief. That being said, like I tell all of my users/people, keep your systems patched and pay attention. We run ClamX av on all of our Macs and Windows machines. Ciao, Michael

  1. alderplank

    Joined: Dec 1969

    0

    Whom do you trust?

    Apple?

    Or some security "experts" who deem Vista as more secure?

    If there is a problem, Apple's history says they will get to it in a timely manner. On the other hand, Vista's security issues were inherited from xP, which were inherited from (ad infinitum). I hear that someday Windows will be secure. I'll bet I'm dead and long gone before it happens, if ever.

    Meanwhile, this "issue" seems to be just more of the usual "innocent 3rd party" c*** that tries to pass itself off as "legitimate" information. I wonder who is their major source of funding for such "research".

  1. testudo

    Joined: Dec 1969

    0

    Re: whom do you trust

    Apple?

    Or some security "experts" who deem Vista as more secure?
    Um, neither. Apple's not in the business to protect your data/computer. They're in the business to sell you computers. And past experience has shown that they have issues.

    And this isn't new, BTW. Its been reported in previous versions of OS X, along with Apple's pro apps, that they will bypass your firewall settings so they can ping all other computers on your network to see if the same app is installed with the same activation keys. So even if you say "Block everything!" it gets through.

    If there is a problem, Apple's history says they will get to it in a timely manner.

    Just like the issues with 10.4.10 where it disabled USB web cams, not to mention drop-out problems with Airport on MBPs? Or maybe the 'security' issues they fix quickly, except for that one reported a year ago that was found to still be open on the iPhone?

    On the other hand, Vista's security issues were inherited from xP, which were inherited from (ad infinitum). I hear that someday Windows will be secure. I'll bet I'm dead and long gone before it happens, if ever.

    Guess you didn't hear the news that Vista was mainly rewritten at one point, rather than just an upgrade of the underlying code from XP. Thus, the security issues in XP wouldn't be inherited. Not saying there aren't new ones, but if there are, there's a lot fewer of them then XP has.

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

JBL Synchros E40BT headphones

For all the different configurations of headphones on the market, it's always a tough choice for buyers to get something that is just ...

Razer Taipan mouse

The list of gaming devices is growing larger with each passing day. A large number of companies have entered the gaming input arena, a ...

Cambridge Audio DacMagic XS

Every computer with a microphone or headphone port has one -- a digital to analog converter (DAC). There are nearly as many chipsets a ...

toggle

Most Commented