Jürgen Schmidt of security site Heise Security has issued a report, claiming that the Leopard firewall flunked every security test performed by the firm.
According to Jürgen Schmidt, editor in chief at Heise Security, if you enable the Apple firewall and set it to "Block all incoming connections," access from the Internet to certain internal system services will still be allowed. As an example, he said that his team was able to query the NetBIOS Naming Service over a Lan network even with full blocking enabled. The team was also unable to specifically enable UDP filtering within Leopard, which should block access to NetBIOS.
You can read the original report from Heise Security: Cracks in the Mac OS X Leopard firewall.
An additional criticism leveled by Schmidt also noted that Apple did not include the latest versions of open-source applications within Leopard, increasing the attack vector from vulnerabilities that have since been fixed.
- Security expert mauls Leopard firewall (vnunet.com)
- Researchers pooh-pooh Mac OS X Leopard security (ZDNet)
- Security geeks say Leopard needs fixing (Macworld)
————————————————————————————————————————Stay on top of the latest tech news
Get this news story and many more by subscribing to our free IT News Digest newsletter, delivered each weekday. Automatically sign up today!
Paul Mah is a writer and blogger who lives in Singapore, where he has worked for a number of years in various capacities within the IT industry. Paul enjoys tinkering with tech gadgets, smartphones, and networking devices.