I regularly have a go a Microsoft for not patching vulnerabilities quickly enough. The recent shambles with the animated cursor flaw proves that MS still have a long way to go in terms of security. However, they are a not alone. Apple have a definite advantage over MS when it comes to security, they have built OS X on top of the very robust and security conscious FreeBSD distribution of Unix, while MS are building on the shoddy foundation that is DOS and early versions of NT. A lot of current Windows vulnerabilities lie in this very old code, the Animated Cursor flaw being a good recent example. However, Apple are being complacent. They seem to be drinking too much of their own cool-aid and are acting as if OS X really is immune from attack. It is of course not immune, and with Apple TV and the iPhone now also running OS X it’s becoming a bigger target every day. When vulnerabilities are reported Apple have to respond promptly, unfortunately the current SAMBA flaw in OS X proves they are not doing this.

[tags]SAMBA, OS X, Security, Apple[/tags]

Although it is not turned on by default, most Mac users turn on Windows Sharing on OS X. If you’re working in a mixed environment you really can’t do without it, and even in an all Mac environment, Windows Sharing provides a very simple way of transfer files. Like other Linux/Unix distributions, OS X uses SAMBA to implement Windows Sharing. A few months ago a very serious flaw was discovered in SAMBA which the SAMBA community patched within a day. The various OS vendors then began pushing out updated SAMBA packages very quickly, but Apple did not. To this day Apple have not incorporated the SAMBA fix into OS X. A fully patched OS X 10.4.10 machine with Windows Sharing enabled can be totally taken over. The code to do this has been added to MetaSploit so it is trivial for even an amateur programmer to write code to break into any Mac with Windows Sharing running.

This is bad. This is very bad, and TBH I consider it nothing short of a scandal. It makes a total mockery out of Apple’s security claims. However, don’t panic! All is not lost. Firstly, simply turning off Windows Sharing protects you completely from this vulnerability. If you want to be dead sure you’re safe you really need to do this. Secondly, if you’re enough of a nerd you can compile the new version of SAMBA yourself and get your machine patched without Apple’s help (seriously, leave this option to the true nerds).

However, you may not even need to do either of these things, if your home network connects to the internet via a regular NAT router (as is the norm) you are protected from the outside world. All machines on your home network will still be able to attack each other but since you probably trust your own family this shouldn’t be an issue in most households. One thing to watch out for is laptops, if you have a laptop which you connect to other networks you really do need to turn off Windows Sharing on it. In some small corporate environments it may also be OK to leave Windows Sharing switched on but on large corporate or university networks this would not be safe.

If you ever use an open WiFi point to connect to the internet you MUST disable Windows Sharing or you are in grave danger of being hacked.

At the moment we’re not seeing any wide-scale exploitation of this vulnerability in the real world but that doesn’t mean there won’t be in the future. Symantec are very worried about this and seem to think such attacks are imminent. I’d have to agree with them. The simple fact is that all Mac users are now more vulnerable than they need to be. Apple have no excuse for not patching this vulnerability sooner, the patch has been released by the SAMBA community for months now. Get your finger out Apple!