Apple Patches Mac OS X Security Hole
Apple Computer Inc. issued a patch Monday fixing several security holes in Mac OS X, including one issue that could allow a malicious user to gain full access to any machine on a network.Apple Computer Inc. issued a patch Monday fixing several security holes in Mac OS X, including one issue that could allow a malicious user to gain full access to any machine on a network. The update, which is available via Apples Software Update System Preference pane built into OS X, changes the default settings for accessing Dynamic Host Communication Protocol (DHCP) servers on a local network, which are commonly used to assign Internet Protocol (IP) addresses to machines joining a network. Because the default settings previously used by Apples implementation of DHCP on its client machines implicitly trusted any DHCP server on a local network, under certain circumstances it would allow root access from the DHCP. This means a malicious user could use the DHCP machine to install software on any affected machine on the network, or simply copy or erase any local files.
In November, Mac user William A. Carrel posted details of the problem on his security Web site after informing Apple about the vulnerability in early October. Apple issued a technical article describing a workaround for the issue soon after Carrel went public with his security advisory.