Apple's Mac OS X Vulnerable To Networking Exploit - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Infrastructure
News
2/26/2008
04:34 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Apple's Mac OS X Vulnerable To Networking Exploit

A security researcher at Digit-labs.org posted a proof-of-concept exploit that takes advantage of a flaw in the way the Apple implements IPv6 support.

The most recent version of Apple's Mac OS X (10.5.2) appears contain a security vulnerability that could allow an attacker to crash computers on a local or remote network.

Security researcher Neil Kettle of Digit-labs.org on Tuesday posted a proof-of-concept exploit that takes advantage of a flaw in the way the Apple implements IPv6 support.

Most networks use the IPv4 networking protocol; IPv6 is slowly being deployed to provide a larger number of available network addresses, improved security, and other features.

In an e-mail, Kettle explained that the bug isn't likely to put home users at risk because few of them will be using IPv6 networks.

"In the case of office environments, the bug is more serious since it's more likely IPv6 will be supported on the local network," said Kettle. "One can easily imagine a single user crashing much (if not nearly all) employees' machines at, let's say, Apple Inc."

The bug is also an issue for Mac OS X Server, as more servers provide native IPv6. A single user, Kettle said, could significantly affect server reliability.

The bug resides in the open source KAME Project's IPv6 implementation, which may not properly process IPv6 packets that contain an IP payload compression protocol (IPComp) header. Mac OS X is built atop BSD Unix, which contains KAME Project code.

Kettle observes that the bug was identified in November and that Apple has not acknowledged that Mac OS X is vulnerable. The "very existence of this bug is quite indicative of Apple's patching and security practices," he said.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Slideshows
Data Science: How the Pandemic Has Affected 10 Popular Jobs
Cynthia Harvey, Freelance Journalist, InformationWeek,  9/9/2020
Commentary
The Growing Security Priority for DevOps and Cloud Migration
Joao-Pierre S. Ruth, Senior Writer,  9/3/2020
Commentary
Dark Side of AI: How to Make Artificial Intelligence Trustworthy
Guest Commentary, Guest Commentary,  9/15/2020
White Papers
Register for InformationWeek Newsletters
2020 State of DevOps Report
2020 State of DevOps Report
Download this report today to learn more about the key tools and technologies being utilized, and how organizations deal with the cultural and process changes that DevOps brings. The report also examines the barriers organizations face, as well as the rewards from DevOps including faster application delivery, higher quality products, and quicker recovery from errors in production.
Video
Current Issue
IT Automation Transforms Network Management
In this special report we will examine the layers of automation and orchestration in IT operations, and how they can provide high availability and greater scale for modern applications and business demands.
Slideshows
Flash Poll