2/26/2008
04:34 PM

Apple's Mac OS X Vulnerable To Networking Exploit

A security researcher at Digit-labs.org posted a proof-of-concept exploit that takes advantage of a flaw in the way Apple implements IPv6 support.

The most recent version of Apple's Mac OS X (10.5.2) appears to contain a security vulnerability that could allow an attacker to crash computers on a local or remote network.

Security researcher Neil Kettle of Digit-labs.org on Tuesday posted a proof-of-concept exploit that takes advantage of a flaw in the way Apple implements IPv6 support.

Most networks use the IPv4 networking protocol; IPv6 is slowly being deployed to provide a larger number of available network addresses, improved security, and other features.

In an e-mail, Kettle explained that the bug isn't likely to put home users at risk because few of them will be using IPv6 networks.

"In the case of office environments, the bug is more serious since it's more likely IPv6 will be supported on the local network," said Kettle. "One can easily imagine a single user crashing much (if not nearly all) employees' machines at, let's say, Apple Inc."

The bug is also an issue for Mac OS X Server, as more servers provide native IPv6. A single user, Kettle said, could significantly affect server reliability.

The bug resides in the open source KAME Project's IPv6 implementation, which may not properly process IPv6 packets that contain an IP payload compression protocol (IPComp) header. Mac OS X is built atop BSD Unix, which contains KAME Project code.
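For defenders who want to know whether IPv6 traffic carrying an IPComp header is present on their network at all, the following sketch walks an IPv6 extension header chain and reports any IPComp header (IP protocol 108, per RFC 3173). It is an added example, not code from the article, from Kettle, or from the KAME Project; the function names and the sample packets are constructed for illustration.

```python
import struct

IPCOMP = 108  # IP Payload Compression Protocol number (RFC 3173)
HOP_BY_HOP, ROUTING, FRAGMENT, AH, DEST_OPTS = 0, 43, 44, 51, 60
EIGHT_OCTET_UNITS = {HOP_BY_HOP, ROUTING, DEST_OPTS}


def find_ipcomp(packet: bytes):
    """Walk an IPv6 header chain and return IPComp details, or None.

    Raises ValueError on non-IPv6 or truncated input rather than reading
    past the end of the buffer.
    """
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not a complete IPv6 header")
    next_hdr, offset = packet[6], 40
    for _ in range(16):  # bound the walk so a long chain cannot stall us
        if next_hdr == IPCOMP:
            if len(packet) < offset + 4:
                raise ValueError("truncated IPComp header")
            inner, _flags, cpi = struct.unpack_from("!BBH", packet, offset)
            return {"offset": offset, "next_header": inner, "cpi": cpi}
        if next_hdr not in EIGHT_OCTET_UNITS | {FRAGMENT, AH}:
            return None  # upper-layer protocol (or ESP) reached, no IPComp
        if len(packet) < offset + 2:
            raise ValueError("truncated extension header")
        length_field = packet[offset + 1]
        if next_hdr == FRAGMENT:
            hdr_len = 8                        # fragment header is fixed size
        elif next_hdr == AH:
            hdr_len = (length_field + 2) * 4   # AH length is in 4-octet units
        else:
            hdr_len = (length_field + 1) * 8   # others use 8-octet units
        if len(packet) < offset + hdr_len:
            raise ValueError("truncated extension header")
        next_hdr, offset = packet[offset], offset + hdr_len
    raise ValueError("extension header chain too long")


def build_ipv6(next_hdr: int, payload: bytes) -> bytes:
    """Constructed sample input: minimal IPv6 header (::1 to ::1) plus payload."""
    addr = bytes(15) + b"\x01"
    fixed = struct.pack("!IHBB", 6 << 28, len(payload), next_hdr, 64)
    return fixed + addr + addr + payload


IPCOMP_HDR = bytes([59, 0]) + struct.pack("!H", 2)  # constructed: next=59, CPI=2
DIRECT = build_ipv6(IPCOMP, IPCOMP_HDR)
NESTED = build_ipv6(DEST_OPTS, bytes([IPCOMP, 0, 1, 4, 0, 0, 0, 0]) + IPCOMP_HDR)
PLAIN = build_ipv6(59, b"")  # 59 = No Next Header
```

On hosts that do not use IPComp, a hit from `find_ipcomp` on captured traffic is a reasonable signal to log or filter at the network edge.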

Kettle observes that the bug was identified in November and that Apple has not acknowledged that Mac OS X is vulnerable. The "very existence of this bug is quite indicative of Apple's patching and security practices," he said.
