Apple admits to 'misleading' Leopard firewall settings

Summary:Apple has fessed up to at least three serious design weaknesses in the new application-based firewall that ships with Mac OS X Leopard.

Apple ships fix for Mac OS X Leopard firewall flaws
Apple has fessed up to at least three serious design weaknesses in the new application-based firewall that ships with Mac OS X Leopard.

The acknowledgment from Cupertino comes less than a month after independent researchers threw cold water on Apple's claim that Leopard's firewall can block all incoming connections.

[ SEE: Apple monster update fixes 41 Mac OS X, Safari vulnerabilities ]

In an advisory accompanying the Mac OS X v10.5.1 update, Apple admitted that the "Block all incoming connections" setting for the firewall is misleading.

"The 'Block all incoming connections' setting for the Application Firewall allows any process running as user "root" (UID 0) to receive incoming connections, and also allows mDNSResponder to receive connections. This could result in the unexpected exposure of network services," Apple said.

[ SEE: Researchers pooh-pooh Mac OS X Leopard security ]

With the fix, the firewall will more accurately describe the option as "Allow only essential services", and by limiting the processes permitted to receive incoming connections under this setting to a small fixed set of system services, Apple said

Two other Application Firewall flaws are addressed:

CVE-2007-4703: The "Set access for specific services and applications" setting for the Application Firewall allows any process running as user "root" (UID 0) to receive incoming connections, even if its executable is specifically added to the list of programs and its entry in the list is marked as "Block incoming connections". This could result in the unexpected exposure of network services.

[ SEE: Memory randomization (ASLR) coming to Mac OS X Leopard ]

CVE-2007-4704: When the Application Firewall settings are changed, a running process started by launchd will not be affected until it is restarted. A user might expect changes to take effect immediately and so leave their system exposed to network access.

The Leopard firewall patch comes less than 24 hours after Apple shipped a monster update to cover at least 41 Mac OS X and Safari for Windows (beta) vulnerabilities.

Topics: Operating Systems, Apple, Hardware, Networking, Security, Software

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.