Mac OS open to attack through unpatched Samba

Gregg Keizer   Today’s Top Stories   or  Other Security Stories  

Winning Enterprise Authentication: 5 Key Steps for Success Dynamic Data Center and Virtualization Drives Operational Excellence at Emory Healthcare Bringing Order and Security to your Mobile Workforce: Corporate Mobility Policy and Device Management A Simpler Approach to Remote Access Smart Security Choices for Mobile Workers File Integrity Monitoring: Secure Your Virtual and Physical IT Environments Computerworld Technology Briefing: Intelligent Users Use Business Intelligence Virtual Reality SaaS Solutions for Remote Systems Management Sign up to receive Security Resource Alerts

May 29, 2007 (Computerworld) -- Hackers can attack Apple Inc.'s Mac OS X by exploiting an unpatched vulnerability in the open-source Samba file- and print-sharing software that's included with the operating system, Symantec Corp. said today.

Samba, which is enabled when Mac users turn on the Windows Sharing feature that allows Microsoft Corp. customers to access files and printers on a Mac network, was pegged with multiple heap-based buffer overflow bugs earlier this month. Exploits have been released by penetration test suppliers Immunity Inc. and the Metasploit Project that target the vulnerabilities on several Linux distributions.

"The DeepSight Threat Analyst Team successfully exploited the heap corruption vulnerability on a fully patched Mac OS X 10.4.9 system running the default Samba 3.0.10 application," said Symantec, in an alert to customers of its threat network. "Exploitation differs from what has been demonstrated in public exploits; however, it is likely that other researchers would be capable of quickly overcoming the technical quirks associated with the platform."

Although Mac OS X doesn't turn on Samba by default, Macs that share a network with Windows PCs could be at risk, Symantec warned. Because Apple has not released a Samba update since 2005, users must upgrade to the latest, and secure version, themselves.

"Mac OS X users are advised to download and install the latest version of Samba 3.0.25 from the official Web site," said Symantec. "If this is not possible, the Windows Sharing service should be disabled until Apple issues an official update via the Software Update service."

Print this Story

Send Us Feedback

E-mail this Story

Digg this Story

Slashdot this Story

"So first there is the Twitter phishing attack, and now an 18-year-old hacker gets into their admin tools and does..." Read more... Read more Security posts or See all Blogs

Hack forces Twitter into 'full security review' EMC to lay off 2,400 Fake LinkedIn profiles promise prurient pics, send patsies malware instead More top stories...

Lenovo to lay off 2,500 staff, cut management pay 10 must-have free BlackBerry apps Cisco down to business with gear for digital home

The 9 hottest skills for '09 The downturn has softened the IT talent market but done little to weaken demand for SAP, .Net and other technical skills. Fast fixes for common PC problems Every computer user hits a speed bump now and then. Here are some speedy, simple solutions to hardware, software, network, Internet and mobile-device crises. Apple's 5 biggest moments in 2008 From the iPhone 3G to 'unibody' MacBooks, 2008 was a standout year for Apple. Hands-on Linux: New distro versions push the envelope We've got reviews and videos of the new Ubuntu 8.10, Fedora 10 and openSUSE 11.1. Windows 7 Get the latest news, reviews and more about Microsoft's newest desktop operating system More Continuing Coverage Windows 7 Voting Technology Google's Chrome browser Economy in turmoil: Latest news and tips iPhone 3G Bill Gates moves on Windows Vista A to Z Mac A to Z 2008 Salary Survey Find wage data for 50 IT job titles. More Special Reports 2009 Premier 100 IT Leaders 2008 Premier 100 IT Leaders 2007 Premier 100 IT Leaders 2008 Best Places to Work in IT 2007 Best Places to Work in IT 2008 Salary Survey 2007 Salary Survey 2006 Salary Survey 2008 IT Forecast 2007 IT Forecast 40 Years of Computerworld Top 12 Green-IT Users The FAQs About Going Green IT Schools to Watch iPhone: One Year Later Global Mobile Your Next Data Center Management: Reinventing IT Stop Data Leaks Web 2.0 Security Surviving Disasters Managing Storage Virtualization The Lean Storage Machine Storage on Trial Can Web 2.0 Save BI? Bypass These BI Potholes All Zones Business Continuity Zone The File Data Management Zone Security Management Zone The SAS Zone Business Intelligence and Analytics Zone The Enterprise Search Zone Software as a Service Zone The Security Zone See your link here

Process Automation with Symantec Process Automation with Symantec View this new webcast today! Go to the webcast  Computerworld Executive Bulletin: Building a Robust Antivirus Defense Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs. (Source: MessageLabs) Antivirus software alone isn't enough to prevent today's speedy, sophisticated virus attacks. Security managers should consider multitiered approaches that include behavior scanning, appliances that check e-mail for worms, and restricting user access to dangerous Web sites. Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs, to learn more. Download this executive briefing  Creating a green data center to help reduce energy costs and gain a competitive advantage Download this new white paper today! (Source: VMware) With today's rapid IT growth, companies are looking to consolidate datacenter operations to achieve space and cost savings. And as energy costs continue to rise, datacenter efficiency becomes even more important. This IBM report details how companies are reducing energy usage and costs to gain a completive advantage. Download this white paper  White Papers Read up on the latest ideas and technologies from companies that sell hardware, software and services. Extend Your VPN Smart Security Choices for Mobile Workers Leverage Web-based Remote Access to Boost Productivity View more whitepapers

• Hack forces Twitter into 'full security review'
• Lenovo to lay off 2,500 staff, cut management pay
• EMC to lay off 2,400
• More top stories 

The Security Zone With the mobility of employees and the ease with which external devices can be brought in and out of a network, continuing to build your security plan for network servers and clients is a must. Fortunately, there is much that organizations can do to protect themselves from attacks - internal and external. Having the right policies, procedures and server configurations is critical... Learn more in The Security Zone See All Zones

Fired up about IT? Join Sharkbait and share your true tales of IT. SharkBait is the place for you to sound off about everything IT – the good, the bad, and the rest of the weird stuff you deal with every day. New baits

"Turning information into a Competitive Advantage" Companies today are realizing that competitive advantage is harder to sustain when based solely on gains in productivity and cost efficiency. The focus is shifting to invest more in business optimization initiatives which rely on trusted information to develop new insights that deliver better business results. But how can this be done efficiently in a business environment across multiple applications and processes. The answer is an Information Agenda - an innovative approach to transforming business information into a strategic asset for competitive advantage. View this webcast now!  See more Webcasts

Dan Tynan: CES preview: The wireless revolution is finally here Two themes are clearly emerging: gadgets are going wireless in a big way, and everything is finally getting connected. ... [more]