Mac OS vulnerable with unpatched Samba

Mac OS vulnerable with unpatched Samba

Hackers can attack Apple's Mac OS X by exploiting an unpatched vulnerability in the open-source Samba file and print sharing software that's included with the operating system, Symantec says.

Samba, which is enabled when Mac users turn on the Windows Sharing feature that allows Microsoft customers to access files and printers on a Mac network, was pegged with multiple heap-based buffer overflow bugs earlier this month. Exploits have been released by penetration test suppliers Immunity and the Metasploit Project that target the vulnerabilities on several Linux distributions.

"The Deepsight Threat Analyst Team successfully exploited the heap corruption vulnerability on a fully patched Mac OS X 10.4.9 system running the default Samba 3.0.10 application," Symantec say, in an alert to customers of its threat network. "Exploitation differs from what has been demonstrated in public exploits; however, it is likely that other researchers would be capable of quickly overcoming the technical quirks associated with the platform."

Although Mac OS X doesn't turn on Samba by default, Macs that share a network with Windows PCs could be at risk, Symantec warned. Because Apple has not released a Samba update since 2005, users must upgrade to the latest, and secure version, themselves.

"Mac OS X users are advised to download and install the latest version of Samba 3.0.25 from the official web site," Symantec says. "If this is not possible, the Windows Sharing service should be disabled until Apple issues an official update via the Software Update service."

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags ApplesambaMac OS



Show Comments