Mac OS ‘X’ Has An Un-Patched Flaw
Mac OS 'X' is open to attack because spammers can easily exploit an un-patched flaw in the open-source Samba file & print sharing software that ships with the OS, the security firm Symantec said on May 29, 2007. Macworld reported this the next day.
Samba lets Mac users share files and printers with Windows users. Two security groups have successfully exploited the flaw, which was uncovered early last month (May 2007). Immunity, a penetration-testing provider, has released exploits, as has the Metasploit Project. Both groups routinely test flaws in various distributions of Linux.
Symantec's DeepSight Threat Analyst Team said that Samba version 3.0.10, which comes with 'X', is vulnerable to the Request Multiple Heap Based Buffer Overflow flaw. The issue affects all versions of Samba prior to version 3.0.25, which is currently available for download. Digitalartsonline published this in news on May 30, 2007.
"Exploitation varies from what's been exhibited in public-exploits, but other researchers may probably be able to quickly overcome the technical whims linked with this platform," said Symantec in news that Macworld had published on May 30, 2007.
Apple last updated Samba when it released Security Update 2005-003. Although 'X' does not turn Samba on by default, a Mac that shares a network with PCs running Windows could be vulnerable, warned Symantec. Since Apple has not released a Samba update since 2005, customers need to upgrade to the latest, secure version on their own.
"Users of 'X' are recommended to download & install Samba 3.0.25's latest version from the official website. However, if this isn't possible, sharing services of Windows must be disabled as long as there's no official update issued by Apple through the Software-Update service." Macworld published this on May 30, 2007.
Mac binaries aren't available at the website, so it seems necessary to build the binary from the source files, something that's quite daunting for most users, notes the security firm Symantec. ITwire published this on May 30, 2007.
» SPAMfighter News - 11-06-2007