Heise Security: Apple’s Mac OS X Leopard firewall fails every test

“The Mac OS X Leopard firewall failed every test. It is not activated by default and, even when activated, it does not behave as expected. Network connections to non-authorised services can still be established and even under the most restrictive setting, “Block all incoming connections,” it allows access to system services from the internet. Although the problems and peculiarities described here are not security vulnerabilities in the sense that they can be exploited to break into a Mac, Apple would be well advised to sort them out pronto,” Jürgen Schmidt reports for Heise Security

“Apple is showing here a casual attitude with regard to security questions which strongly recalls that of Microsoft four years ago. Back then Microsoft was supplying Windows XP with a firewall, which was, however, deactivated by default and was sometimes again deactivated when updates were installed. It was also the case that system services representing potential access points for malware were accessible via the internet interface by default. Despite years of warnings from security experts, the predominant attitude was that security must not get in the way of the great new networking functions,” Schmidt reports.

“Then along came worms such as Lovsan/Blaster and Sasser, which rapidly infected millions of Windows computers via security vulnerabilities in system services, causing millions worth of damage. Even today, an unpatched Windows system with no active firewall will be infected within a matter of minutes. However, Microsoft has since learnt its lesson — a serviceable firewall, activated by default, has been included since Service Pack 2. With the standard configuration, no services are accessible from the internet on a Windows system,” Schmidt reports.

Full article here.

Lisa Vaas reports for eWeek, “Instead of addressing perceived flaws in the firewall, an Apple spokesman told eWEEK only that the company ‘takes security very seriously,’ that it has ‘a great track record of addressing potential vulnerabilities before they can affect users,’ and that it always welcomes feedback on how it can make security better on the Mac.”

Full article here.

96 Comments

  1. DON’T panic, just use ipfw:

    1. If you have OS X Tiger, turn on the firewall in System Preferences
    2. Open Terminal in your admin account and type at the prompt: sudo ipfw list
    3. Apply these rules to Leopard
    4. For more info, type: man ipfw

    P.S. Imagine Apple is trying to help you learn something.

  2. I’ve maintained several Mac computers and servers running every Mac OS X version since 10.0 DP4, and every one of them remained online with a public static IP address on the internet, with no firewall enabled, and I use ARD, AFS, POP/SMTP, etc. No intrusions, no malware. Thwarted bot attempts in the logs, but no successful breaches.

    MDN word: deal

  3. This will teach those hacking bastards to allow Leopard to be installed on pc’s!!!!

    Those pc’s will be mauled by Win’s viruses, worms, trojans & combo’s of vwt’s to the point where any person having done the deed will be needing to replace their computers rather than disinfecting them.

    Mac’s of course will (“Although the problems and peculiarities described here are not security vulnerabilities in the sense that they can be exploited to break into a Mac”,) always run & run & run & run & run……………

  4. That’s pretty serious if it’s true. Apple can’t fall down on the job with security – it MUST keep OS X free from viruses, worms, spyware, etc. or Mac users could face the same sort of future as Windows users.

    The last thing Apple needs is a major PR issue over security when no viruses, better security is a big driving point for switchers.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.