path: root/wired/old/published/Webmonkey/Monkey_Bites/2007/05.29.07/Tue/samba.txt
blob: a3b44e03dd88cbbe5fae63914cec325091430240 (plain)
<img alt="Osxsm" title="Osxsm" src="http://blog.wired.com/photos/uncategorized/2007/05/25/osxsm.jpg" border="0" style="float: right; margin: 0px 0px 5px 5px;" />Symantec has revealed that Apple's failure to update the open source Samba file- and print-sharing software that ships with OS X means that even fully up-to-date installations are still vulnerable to a buffer [overflow exploit in Samba][4].

While OS X ships with Samba disabled, many users looking to easily share files between OSes and across home networks may be using Samba.

At the moment there's no patch available from Apple, though you can install the latest version of Samba yourself if you head over to the [Samba site][3]. Samba 3.0.25 patches the buffer overflow bug that is the source of the exploit.

While the Samba exploit has nothing to do with OS X itself, the fact that Apple relies on a number of open source add-ons highlights one of the flaws in its periodic updates policy. Open source projects like Samba tend to discover and patch flaws as they come up.

Linux users, for instance, can periodically run apt-get (or similar) to seamlessly upgrade all aspects of the system, while Apple users need to rely on Apple to issue patches or hunt down the latest versions of open source programs themselves, which is terribly inefficient.

Given that well over half of the flaws patched in [Apple's recent security update][5] were for open source software packages, perhaps among Steve Jobs' rumored Leopard announcements at the upcoming WWDC we'll see a more modern update system unveiled.

[via [ComputerWorld][2]]

[2]: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9021543 "Mac OS open to attack through unpatched Samba"
[3]: http://us3.samba.org/samba/ "Download Samba"
[4]: http://us3.samba.org/samba/security/CVE-2007-2446.html "Multiple Heap Overflows Allow Remote Code Execution"
[5]: http://blog.wired.com/monkeybites/2007/05/apple_patches_o.html "Apple Patches OS X Security Flaws"