Apple Computer Inc. issued a patch Monday fixing several security holes in Mac OS X, including one issue that could allow a malicious user to gain full access to any machine on a network.
The update, which is available via Apples Software Update System Preference pane built into OS X, changes the default settings for accessing Dynamic Host Communication Protocol (DHCP) servers on a local network, which are commonly used to assign Internet Protocol (IP) addresses to machines joining a network.
Because the default settings previously used by Apples implementation of DHCP on its client machines implicitly trusted any DHCP server on a local network, under certain circumstances it would allow root access from the DHCP. This means a malicious user could use the DHCP machine to install software on any affected machine on the network, or simply copy or erase any local files.
In November, Mac user William A. Carrel posted details of the problem on his security Web site after informing Apple about the vulnerability in early October. Apple issued a technical article describing a workaround for the issue soon after Carrel went public with his security advisory.
Although an Apple spokesman described the chances of such an attack occurring as remote, the presence of wireless access points on a network makes it possible to use the exploit without being physically present within a building. According to Carrels advisory, attackers “could take advantage of Wi-Fi roaming to provide a higher signal strength alternative to the normal network to attract victim hosts and to proxy traffic through to the normal network to avoid any appearance of disruption.”
The update also patches several other potential OS X security issues—including problems affecting the rsync and fs_usage Unix tools and the Screen Saver login window—and places restrictions on root access for systems using USB keyboards.