Surprise, Leopard’s Got Security Flaws

We’ve already covered a couple of Leopard’s uh-ohs and their fixes, but researchers have kicked up the dirt to reveal a few security-related flaws. First, according to Jürgen Schmidt, editor in chief at Heise Security, if you enable Leopard’s firewall (it’s disabled by default) and set it to “block all incoming connections,” some internal system services are still allowed access from the internet, making it a mite porous. And according to Thomas Ptacek from Matasano Security, two of its security features—sandboxing and library randomization—are half-baked in execution.

The problem with its implementation of sandboxing—where an app is placed in a “sandbox” so it can’t get rough with the rest of the OS if it’s hacked—is that a lot of the most commonly hacked apps like the browser, mail client and IM app aren’t run in a sandbox. To top it off, the sandbox walls aren’t as thorough as they should be, mostly applying to network access. Library randomization has similar problems—it wasn’t implemented everywhere it should have been, like the Dynamic Link Library, according to Ptacek.

Of course, someone has to actually exploit the flaws—incompletions more so than outright screw-ups—to cause damage, but Apple should probably patch them up with some haste, particularly the leaky firewall issue. [Cnet, Mac World]