Home > Mac OS X > Apple Issues Patch for Mac OS X holeApple Issues Patch for Mac OS X hole Eugenia Loli 2003-12-23 Mac OS X 6 CommentsApple Computer has issued a security update that, among other fixes, closes a hole in Mac OS X that could have allowed hackers to take control of a computer under particular circumstances.About The Author Eugenia LoliEx-programmer, ex-editor in chief at OSNews.com, now a visual artist/filmmaker.Follow me on Twitter @EugeniaLoli 6 Comments 2003-12-23 8:18 pm Yeah yeah, it was the worst security hole yet, and it only worked under particular circumstances, NOTE “particular circumstances”, not all like MS security holes. Didn’t this security hole mean that a server needed to be hacked first? And isn’t getting your server hacked the worst thing that can happen, and wouldn’t it mean that all computers on that net are vulnerable, not just Macs, for many ways of attacking. Also, that server would have to be a Windows or Linux box that was hacked in the sense that it was hacked, or just a cracker getting his/her hands on a password for any server, then a person could carry this out, and much worst than just getting into macs. 2003-12-23 9:28 pm Calm down, Brando. So OSX has a security hole and you seem personally offended that it happened. What’s up with that?It’s not necessary to rigorously defend your OS when it has security problems – if us Windows users did that, we’d never get any sleep All OS’s will have security flaws at some point, so just relax and go outside .. it’s probably sunny. 2003-12-23 10:45 pm as long as Apple is fast and proactive about fixing these security issues that will make me happy 2003-12-24 12:35 am I really hope you are joking ;( 2003-12-24 4:42 am somehow after the panther release i feel that the exploits os x has encountered happended year(s) ago for windows 2003-12-24 6:18 am “that could have allowed hackers to take control of a computer under particular circumstances.”What does that mean?I guess the DHCP client by default will pull a remote authentication LDAP server from DHCP. Exploiting would require getting the client to pull its DHCP settings from a rogue DHCP server.The workaround is:in Directory Access, select LDAPv3 in the Services tab, click “Configure…”, uncheck “Use DHCP-supplied LDAP Server”more info here:http://www.carrel.org/dhcp-vuln.htmlNot really a big deal.