November 15th, 2007

Apple admits to 'misleading' Leopard firewall settings

Posted by Ryan Naraine @ 11:14 am

Categories: Apple, Botnets, Browsers, Data theft, Exploit code, Hackers, Metasploit, Passwords, Patch Watch, Pen testing, Responsible disclosure, Spam and Phishing, Spyware and Adware, Viruses and Worms, Vulnerability research, Zero-day attacks

Tags: Firewall, Apple Macintosh, Apple Inc., Application Firewall, Firewalls, Apple Mac OS X, Apple Mac OS, Network Security, Operating Systems, Security

Apple ships fix for Mac OS X Leopard firewall flaws

Apple has fessed up to at least three serious design weaknesses in the new application-based firewall that ships with Mac OS X Leopard.

The acknowledgment from Cupertino comes less than a month after independent researchers threw cold water on Apple’s claim that Leopard’s firewall can block all incoming connections.

[ SEE: Apple monster update fixes 41 Mac OS X, Safari vulnerabilities ]

In an advisory accompanying the Mac OS X v10.5.1 update, Apple admitted that the “Block all incoming connections” setting for the firewall is misleading.

“The ‘Block all incoming connections’ setting for the Application Firewall allows any process running as user “root” (UID 0) to receive incoming connections, and also allows mDNSResponder to receive connections. This could result in the unexpected exposure of network services,” Apple said.

[ SEE: Researchers pooh-pooh Mac OS X Leopard security ]

With the fix, Apple said, the option is renamed to the more accurate “Allow only essential services”, and the processes permitted to receive incoming connections under this setting are limited to a small fixed set of system services.

Two other Application Firewall flaws are addressed:

CVE-2007-4703: The “Set access for specific services and applications” setting for the Application Firewall allows any process running as user “root” (UID 0) to receive incoming connections, even if its executable is specifically added to the list of programs and its entry in the list is marked as “Block incoming connections”. This could result in the unexpected exposure of network services.

[ SEE: Memory randomization (ASLR) coming to Mac OS X Leopard ]

CVE-2007-4704: When the Application Firewall settings are changed, a running process started by launchd will not be affected until it is restarted. A user might expect changes to take effect immediately and so leave their system exposed to network access.
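As an added illustration of the rules Apple describes above (not code from the post or from Apple), the following Python audit parses `lsof -nP -i -l` output and reports which listening sockets the shipped settings would still let through: under “Block all incoming connections”, every UID 0 process plus mDNSResponder; under “Set access for specific services and applications”, any blocked program that nonetheless runs as root. The lsof sample is constructed, with hypothetical PIDs and ports.

```python
"""Audit which listeners the Leopard 10.5.0 Application Firewall still exposes.
Added example, not Apple's code. Rules come from Apple's 10.5.1 advisory text;
input is `lsof -nP -i -l` output (-l keeps UIDs numeric, so UID 0 is explicit).
"""
import re
from typing import Dict, List

# Constructed sample of `lsof -nP -i -l` output; PIDs, devices and ports are hypothetical.
SAMPLE_LSOF = """\
COMMAND         PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
mDNSResponder    26   65    7u  IPv4 0x1a2b      0t0  UDP *:5353
sshd            120    0    3u  IPv4 0x1a2c      0t0  TCP *:22 (LISTEN)
cupsd           131    0    6u  IPv4 0x1a2d      0t0  TCP 127.0.0.1:631 (LISTEN)
Skype           400  501   10u  IPv4 0x1a2e      0t0  TCP *:34567 (LISTEN)
Mail            402  501   14u  IPv4 0x1a2f      0t0  TCP 10.0.0.5:49152->203.0.113.9:993 (ESTABLISHED)
"""

# COMMAND PID UID FD TYPE DEVICE SIZE/OFF NODE NAME [(STATE)]
LINE_RE = re.compile(
    r"^(\S+)\s+(\d+)\s+(\d+)\s+\S+\s+IPv[46]\s+\S+\s+\S+\s+(TCP|UDP)\s+(\S+)(?:\s+\((\w+)\))?$")


def parse_lsof(text: str) -> List[Dict]:
    """Turn lsof lines into dicts; the header and unrecognised lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        cmd, pid, uid, proto, name, state = m.groups()
        rows.append({"command": cmd, "pid": int(pid), "uid": int(uid),
                     "proto": proto, "name": name, "state": state})
    return rows


def is_listener(row: Dict) -> bool:
    """A TCP socket in LISTEN state, or any bound UDP socket, can receive inbound traffic."""
    return row["state"] == "LISTEN" or row["proto"] == "UDP"


def exposed_under_block_all(rows: List[Dict]) -> List[Dict]:
    """'Block all incoming connections' as shipped: UID 0 processes and mDNSResponder get through."""
    return [r for r in rows if is_listener(r)
            and (r["uid"] == 0 or r["command"] == "mDNSResponder")]


def exposed_under_specific(rows: List[Dict], blocked: set) -> List[Dict]:
    """'Set access for specific services': an entry marked blocked is ignored when it runs as root."""
    return [r for r in rows if is_listener(r)
            and (r["command"] not in blocked or r["uid"] == 0)]
```

Run it against a live capture to see which root-owned daemons the pre-fix setting never covered; the loopback-only cupsd entry shows why the bind address in NAME still deserves a look.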

The Leopard firewall patch comes less than 24 hours after Apple shipped a monster update to cover at least 41 Mac OS X and Safari for Windows (beta) vulnerabilities.

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.


