Ads by TechWords

See your link here
Receive the latest technology news and information.
Security
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
Cloud Computing
View all newsletters




Privacy Policy
 

Attacks likely against unpatched Mac OS Samba bug

Two months after Samba fixed the software, Mac users are still waiting for Apple update

July 27, 2007 12:00 PM ET

Computerworld - Symantec Corp. this week warned Mac OS X users that the addition of an exploit to the Metasploit hacking framework had boosted the threat posed by an unpatched bug in Samba, the open-source file- and print-sharing software included with the Apple operating system.

Although the vulnerability was disclosed May 14 and patched that same day by the Samba community, Apple has not updated Mac OS X with a fix, said Symantec's Alfred Huger, vice president of engineering with the security company's response group.

"This is significant exposure for Mac OS X users," said Huger. "Samba is used in virtually every mixed environment where there are Macs and PCs, and the threat profile is much higher now that an exploit has been added to Metasploit."

Samba, which is also used by most Linux distributions to file- and print-sharing with Windows systems, is turned on in Mac OS X when users activate the Windows Sharing feature.

This month, a trio of Brazilian researchers who collaborate as Rise Security released Mac OS X attack code for the Samba vulnerability. According to Symantec, the Rise code is "almost identical" to what the company's security team discovered in late May.

More important, said Huger, is that Rise also contributed their code to Metasploit, an open-source platform for creating, testing and launching exploit code. "Once we see something in Metasploit, we know it's likely we'll see it used in attacks," he said, as he explained why Symantec had amped its earlier warning. "Every Unix-based break-in that's not handcrafted, in other words, not with the attacker sitting at the keyboard during the attack, is made with a couple of different tools, and Metasploit is by far the most popular."

The Rise-developed, Metasploit-distributed exploit successfully attacks a fully patched Mac OS X 10.4.10 system, added Symantec, and results in the attacker gaining root privileges on the Mac.

"There is a very high probability that attackers will attempt to leverage [the exploit] to compromise Apple users, especially those connected to wireless networks," said Symantec in a separate alert issued Wednesday to customers of its DeepSight Threat network. "Wireless networks are an especially high threat, because users' systems may be exposing the service that may otherwise be protected by a gateway firewall installed on a home network."

Symantec recommended that users disable the Windows Sharing service until Apple produces a patch. Technically astute users, however, may be able to handle the more rigorous chore of compiling the latest version of Samba manually in lieu of waiting for Apple.

Apple, which has not updated Samba within Mac OS X since March 2005, did not respond to e-mail asking for comment.

Read more about security in Computerworld's Security Knowledge Center.



Jump to comments

Apple

Additional Resources

Microsoft
Here are some of the key reasons why you would want to run Unified Access Gateway with DirectAccess.
Microsoft
Review how one energy firm tightened protection and simplified IT work using business-ready security solutions.
Sybase
In this white paper, IDC analyzes the role of next-generation mobile enterprise platforms as organizations seek a more strategic deployment of mobile solutions.

Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.

What People Are Saying

White Papers & Webcasts

Death to PST Files
Download Now  

Web 2.0, Social Media and the Dark Web - A Web Criminals Paradise?
In this discussion, learn about the challenges of protecting your users from the potentially unsafe content hidden in the "Dark Web".

eGuide: Enterprise Security
Smart Security Strategies for 2010. Read now!  

Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...


IT Jobs