APPLE: Security Notice

Tomas

Banned
Joined
Jun 19, 2002
Messages
2,128
Location
Seattle, WA area
A notice has been publicly released by an independent person prior to release of a fix by Apple detailing a potential security problem in current OS X versions.

Simple 'workarounds' are provided, but it is not normal practice (and severely frowned upon) to release this sort of information prior to the release of a patch or fix from the manufacturer, when the manufacturer has acknowledged the issue and is working on it with a scheduled release. (Apple intends a security update for this in December.)

Bill Carrel set his own date that Apple "had to have the fix released by" or he would go public. His date was 26NOV2003. I have a word for Bill, but am not allowed to use it here.

Here's a link to the notice: carrel.org: dhcp vulnerability

 

Tomas

Even if one is not using static IPs, Ryan, the number of settings that have to be 'just so' and the timing requirement that the remote has to be already waiting for the system at boot time make the chance of any exploit actually working fairly slim.

HOWEVER, there are so few reports of large security holes in Apple software or hardware that ANY report of a security flaw becomes newsworthy, as opposed to some other software products.

Oh, just to balance this somewhat, on the same day this Apple security hole was made public (26NOV03), these five MSIE security holes were, also: Additional MSIE Active-X security holes.

 

Saaby

Flashaholic
Joined
Jun 17, 2002
Messages
7,447
Location
Utah
It can only happen during boot? Well then I'm even more secure. I probably won't need to boot again until the patch is released. Maybe, rumor mills are whispering that 10.3.2 is ready...
 

James S

Flashlight Enthusiast
Joined
Aug 27, 2002
Messages
5,078
Location
on an island surrounded by reality
Perhaps this is silly, but how can my connecting to an LDAP server, any LDAP server, create what is effectively an account on my computer? I haven't really done much with that at all, never used it for anything actually, but it is for telling me about the other machines and people on my network, not giving them accounts on my machine.

Perhaps another workaround would be to re-assign the root user a higher id number. Boy that would cause you a lot of work...
 