Apple Patches Mac OS X Security Hole | eWeek

Apple Patches Mac OS X Security Hole

Verfasst von
Ian Betteridge
Ian Betteridge
Dec 23, 2003
2 minute read
eWeek Inhalte und Produktempfehlungen sind redaktionell unabhängig. Wir können Geld verdienen, wenn Sie auf Links zu unseren Partnern klicken. Mehr erfahren

Apple Computer Inc. issued a patch Monday fixing several security holes in Mac OS X, including one issue that could allow a malicious user to gain full access to any machine on a network.

The update, which is available via Apples Software Update System Preference pane built into OS X, changes the default settings for accessing Dynamic Host Communication Protocol (DHCP) servers on a local network, which are commonly used to assign Internet Protocol (IP) addresses to machines joining a network.

Because the default settings previously used by Apples implementation of DHCP on its client machines implicitly trusted any DHCP server on a local network, under certain circumstances it would allow root access from the DHCP. This means a malicious user could use the DHCP machine to install software on any affected machine on the network, or simply copy or erase any local files.

In November, Mac user William A. Carrel posted details of the problem on his security Web site after informing Apple about the vulnerability in early October. Apple issued a technical article describing a workaround for the issue soon after Carrel went public with his security advisory.

Although an Apple spokesman described the chances of such an attack occurring as remote, the presence of wireless access points on a network makes it possible to use the exploit without being physically present within a building. According to Carrels advisory, attackers “could take advantage of Wi-Fi roaming to provide a higher signal strength alternative to the normal network to attract victim hosts and to proxy traffic through to the normal network to avoid any appearance of disruption.”

The update also patches several other potential OS X security issues—including problems affecting the rsync and fs_usage Unix tools and the Screen Saver login window—and places restrictions on root access for systems using USB keyboards.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Eigentum von TechnologyAdvice. © 2026 TechnologyAdvice. Alle Rechte vorbehalten

Werbetreibenden-Offenlegung: Einige der auf dieser Website erscheinenden Produkte stammen von Unternehmen, von denen TechnologyAdvice eine Vergütung erhält. Diese Vergütung kann beeinflussen, wie und wo Produkte auf dieser Website erscheinen, einschließlich beispielsweise der Reihenfolge, in der sie erscheinen. TechnologyAdvice schließt nicht alle Unternehmen oder alle auf dem Marktplatz verfügbaren Produkttypen ein.