updated 01:20 pm EDT, Sat November 3, 2007
Leopard security holes
Apple's Mac OS X Leopard operating system was designed to be more secure, but industry professionals are saying that the OS has some serious security flaws that should be a priority for the Mac OS team. Heise Security has discovered several vulnerabilities that may cause trouble for users, including a large flaw in the firewall: Leopard's firewall is deactivated by default, but even when it is present, it is said to allow all incoming connections – trusted or not – which eliminates the point of a firewall almost entirely.
"In contrast to, for example, Windows Vista," Jurgen Schmidt writes, "the Leopard firewall settings fail to distinguish between trusted networks, such as a protected company network, and potentially dangerous wireless networks in airports or even direct internet connections. Leopard initially takes the magnanimous position of trusting all networks equally."
Heise recommends activating the firewall, and enabling the option to "Set access to specific services and programs", allowing Leopard to automatically enter information pertinent to a user's shared resources. The security company believes, however, that this option could lead to a trojan setting up residence in the system, providing a "back door" of sorts into the OS.
The article describes everything that Heise discovered over the course of their testing, outlining various security flaws that are inherent in Leopard.