OS X :: Apple Addresses File Sharing Security In Mac 10.6.4?
Sep 20, 2010
Apple on Monday issued a security update for Mac OS X 10.6.4, addressing an issue that could allow a remote attacker to access shared folders without a valid password. Security Update 2010-006 was issued Monday afternoon. It applies to Mac oS X 10.6.4 and Mac OS X Server. 10.6.4. The 1.93MB file is available through Software Update or direct from Apple. The security update is recommended for all users of Snow Leopard, and it addresses an issue where a remote attacker could access shared folders on a system, as long as they knew the name of an account name on that system. By default, file sharing is not enabled on a Mac, meaning the issue would only affect those who have the service turned on. The original problem was caused by an error handling issue in AFP Server within Mac OS X 10.6.4. The issue does not affect systems running a version of the operating system earlier than Snow Leopard.
I've been using my MacMini as a server to backup and sync several Macs on my local LAN but recently I found the need to access certain files outside my LAN. That said, I set my router to forward ports 548, 9, and 5900 (file sharing, WOL, and screen sharing, respectively) to my MacMini. This has actually worked rather well for me -- other than WOL. So in an attempt to diagnose the WOL issue I started probing my router's incoming logs (to see if I can successfully send a WOL magic packet from outside my network) and thats when I noticed a few random IPs probing port 5900. So my question is, what are some security measures that I can take in order to prevent someone form accessing my MacMini from the open ports? In theory couldn't a simple program attempt to repeatedly connect to a port and brute force a password? Excuse my naivety with networking, but I'm a little concerned. I did some searching but I couldn't find anything substantial on the forums.
The last security update I downloaded maybe a month ago totally wiped out a 10 Gb encrypted .dmg file I made with Disk Utility. Disk Utility can't find it. It's gone. Is there a way to recover it?
Info: PowerBook G4 (17-inch Double Layer SD), Mac OS X (10.6.8)
This was a big selling point of the service -- being able to send direct links to people via email to allow them to download files from your iDisk (like [URL]). Not only is it not there, but according to a thread on Apple Support, Apple has removed the video presentation of the feature from the web site.
how to enable Web Sharing, but I want to make it so that only certain people can access the shared directory. How can I make it so that users can get a password prompt and then see ALL files in my Users>myname>Sites folder? I see several complicated methods on the web on how to enable a password prompt for users coming to look at a file, but is there somewhere a simpler way to make this password-protected? BTW, I started the process, and was able to open httpd.conf using terminal, but, after I changed AllowOverride None to AllowOverride All, I was not able to save the file, even though I have Snow Leopard 10.6.8, which supposedly allows changes to httpd.conf.Â
Info: iMac 2GHz 2 Intel Core 2 Duo, Mac OS X (10.6.4)
How does Apple Server work?Is it possible to just use the file sharing feature?I would like to set up a file sharing service similar to dropbox where users log in and can see there files as well as files that everyone can access. How do I set up the server is it run off my "computer" that acts as a server for the company?
I have just purchased a new iMac with Leopard. I already own a MBP with Tiger and I am trying to shares files between the two. The MBP connects to iMac and shows files easy as...however I have enabled sharing on iMac when I choose Network it recognises the MBP but always says connecting and after a few minutes shows connection failed.
I have two users defined on my macbook (one is New, and the other one, the Old one, is what I've always had).I was re-configuring File Sharing on the Old user.I turned files sahring off in the Old User, but when I log into the New, I can still acess to some folders that I have never set to be shared; only few folders have the red restricted access on it. The New User does have file sharing disabled, and non of its folder can be accessed; so, it's working Ok for this New User.Â
i want to set up internet-sharing network via macbook pro. before this i can setup WEP security password with minimum 8 characters . but now the WEP is gone. It left the security type only to none and WPA2 Personal. How can I set or get back the WEP security back?
Info: MacBook Pro, Mac OS X (10.7.3), mountain lion osx
I run a site and accept paypal as a payment. Sometimes i have bad customers and try and open disputes "unauthorised use" after they receive the item. Obviously i dont want to deal with these people again and paypal dont allow you to block them in future.
But wondered if there was any tools in apple mail that highlights a customers email address so i know they are old customers who caused me trouble. Obviously i wont be able to remember all their email address. But it would be nice if there was a way to filter or highlight the email address so i know to refund them and not deal with them
I have one IMAP email account and setup various email aliases. I used for each alias also a sender name. I tried to setup different sender email addresses and names in Apple Mail but did not succeed.
I was only able to add a comma separate list o email addresses to one account but not different sender names for each email address.
BTW, I also can't setup different accounts for each email address because they share the same IMAP Mail Server with the same account username and password.
I work for a Dorset school and have a whole suite of iMacs and a number of iPads. I would like to further stimulate my pupils with a few Apple posters etc. Does anyone know if there is a contract email or address for those in the company who might help with this?
I have had this issue with my address book for a while in that it creates new entries with just an email address as the actual entry and then hundreds of other email addresses from address book as this entry's additional email addresses.Â
At the same time I had an issue with Apple Mail that I thought was unrelated but now I am not that sure anymore. When I turn Apple Mail on, it sends out emails that look like an endless chain of responses (spam) to the same email that advertises all kinds of stuff.Â
When I first noticed the issue I turned Mail off (a year ago). After updating to Lion I tried to use mail again but had the same issue and have not been using it since. But I appear to still find new entries in my address book all the time.Â
I ran some software (ClamX) but wasn't able to find any malware so far. I can't imagine someone hacking into my machine and doing all this my hand. For what?Â
So I am wondering whether anyone has had similar symptoms on their Mac?
I have had an iTunes account now for about 4 years and now all of a sudden when trying to download an app on my itiuch it is asking me to set up 3 security questions and a backup email? Is there a change in Apple Security or something?
Info: iMac 27, Mac OS X (10.6.8), 2.8Ghz Intel Quad Core i7 / 8GB / 1TB
I have a bunch of highly confidential business files, to which I need to provide one of the staff in my office access. I do trust the person, otherwise I wouldn't think about providing them access in the first place, but as a security measure, are any of the following possible?
- Preventing the possibility of being able to copy and paste the file from Finder into a USB key. I need the file to be readable and writable, but would like to make sure it does not leave my computer. - Logging a user's activity. I've looked into parental controls, and I've looked into the Console, but one is too limited (sites only) and Console is too complicated. I want to have a quick overview of what's going on. Simply put, I probably will never look at this log, unless that staff member leaves the company.
I'd think this was worthy of Page 1 mention, although the track record of this site regarding news that can be considered "negative" towards Apple certainly leans toward the fanboy side. Regardless, here it is: [URL] I for one am not going to bother. When my OS X is getting the same amount of viruses, trojans, and spyware that my last Windows machine had when I abandoned it, that's the day I switch to Linux. The built-in security of OS X was half the reason I switched in the first place.
Apple released a Mac OS X security update Tuesday that fixes a critical PDF vulnerability.The update, labeled Security Update 2010-005, addresses a "heap buffer overflow" in the way CoreGraphics handles PDF files. The vulnerability could allow "unexpected application termination or arbitrary code execution" through a malicious PDF file.
It is unclear whether this fix is related to the PDF exploit on iOS 4 that allowed hackers to jailbreak the iPhone. Apple released an update on August 11 that addressed the iOS PDF exploit.Security Update 2010-005 also patches a "stack buffer overflow" that would allow arbitrary code execution through a malicious embedded font. Both the PDF and the font vulnerabilities are fixed through "improved bounds checking."
Also included in the update are several routine fixes to network security flaws.The update affects Mac OS X Server 10.5, Mac OS X 10.5.8 , Mac OS X Server 10.6 , and Mac OS X 10.6.4.
I can't install an application from the net because of some Apple security block. How do I remove or get around the block? The instructions say to double click the application and all that happenes is that I get the same window saying I can't install.Â
Apple on Wednesday afternoon released version 3.1.1 of its Safari web browser to address a handful of security issues, including one widely publicized vulnerability that allowed a MacBook Air to be compromised during a recent security conference.
The 39MB release, available for both Macs and Windows PCs, is recommended for all Safari users and includes improvements to stability, compatibility and security.
Specifically, Apple said the update patches four security issues, including a heap buffer overflow that existed within the browser's WebKit framework for handling JavaScript regular expressions.
The issue was reported by Charlie Miller, who discovered and exploited the vulnerability on a MacBook Air to win a $10,000 prize at last month's CanSecWest security conference.
The Safari 3.1.1 update also addressed a second issue within WebKit's handling of URLs containing a colon character in the host name. By exploiting that vulnerability, a hacker could use a maliciously crafted URL to lead a cross-site scripting attack, Apple said.
Two other issues with the Safari application itself were also addressed, though they concerned only the PC version of the browser. One of those issues made it possible for a maliciously crafted website to control the contents of a user's address bar, while the other made it possible for maliciously crafted website to cause arbitrary code execution or the Safari application to unexpectedly quit. 

I just found out that Apple is no longer providing security updates on Mac OS X 10.5. What can I do to keep my comupter safe? I bought my laptop in Sept. '08 and I am not inclined to fork over a couple of thousand dollars when I have a perfectly functioning laptop.
My computer was locked by a pop-up that resembled safari. It had "applesecurity" and a phone number to call. I removed it by reading through the community. How can I determine if malware was installed on my computer? From what I read it doesn't seem like a good idea to install anti-virus software.
Apple on Wednesday afternoon issued a number of updates, addressing high processor usage and other glitches in its 27-inch iMac, as well as various security updates for Mac OS X 10.6 Snow Leopard and Mac OS X 10.5 Leopard.
27-inch iMac updates
Two updates released Wednesday address issues with the 27-inch big screen iMac, released in October 2009.
"27-inch iMac EFI FW Update 1.0" is recommended for all systems with quad-core Intel Core i5 and Core i7 processors. The update resolves an issue that caused high processor utilization when playing audio through the headphone output, and fixes a problem that prevented the display backlight from turning on after powering on the iMac.
The 2.1MB update is available for download from Apple. It requires Mac OS X 10.6.3 or later.
"27-inch iMac SMC Firmware Update 1.0" fixes Target Display Mode compatibility issues on the 27-inch desktop iMac. The 397KB update also requires Mac OS X 10.6.3 or later.
