Mac OS open to attack through unpatched Samba
Sharing utility rife with heap-based buffer overflow bugs
Computerworld - Hackers can attack Apple Inc.'s Mac OS X by exploiting an unpatched vulnerability in the open-source Samba file- and print-sharing software that's included with the operating system, Symantec Inc. said Monday.
Samba, which is enabled when Mac users turn on the Windows Sharing feature that allows Microsoft Corp. customers to access files and printers on a Mac network, was pegged with multiple heap-based buffer overflow bugs earlier this month. Exploits have been released by penetration test suppliers Immunity Inc. and the Metasploit Project that target the vulnerabilities on several Linux distributions.
"The DeepSight Threat Analyst Team successfully exploited the heap corruption vulnerability on a fully patched Mac OS X 10.4.9 system running the default Samba 3.0.10 application," said Symantec in an alert to customers of its threat network. "Exploitation differs from what has been demonstrated in public exploits, however it is likely that other researchers would be capable of quickly overcoming the technical quirks associated with the platform."
Although Mac OS X doesn't turn on Samba by default, Macs that share a network with Windows PCs could be at risk, Symantec warned. Because Apple has not released a Samba update since 2005, users must upgrade to the latest, and secure version, themselves.
"Mac OS X users are advised to download and install the latest version of Samba 3.0.25 from the official website," said Symantec. "If this is not possible, the Windows Sharing service should be disabled until Apple issues an official update via the Software Update service."
Related News and Discussion:
- Ken Mingis: Mac users 'unbearably smug' about security?
- Security 'holiday is over' for Mac users, security researchers say
- Samba developers quash serious bug
- Samba guru quits Novell for Google over GPL controversy
- Lucas Mearian: Why the iPhone is a ripoff
- Joyce Carpenter: Mac OS X better than Vista which is better than XP which is better than ...
Read more about Security in Computerworld's Security Topic Center.
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- Virtually Delivered High Performance 3D Graphics "A picture is worth a thousand words." That old phrase is as true today as it ever was. Pictures (i.e., those with heavy...
- Best Practices for Securing Hadoop Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- Top Tips for Securing Big Data Environments: Why Big Data Doesn't Have to Mean Big Security Challenges Organizations must come to terms with the security challenges they introduce. As big data environments ingest more data, organizations will face significant risks...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!