Languages

Archived - About the security content of the Mac OS X 10.5.1 Update (client and server)

This document describes the security content of the Mac OS X 10.5.1 Update (both client and server), which can be downloaded and installed via Software Update preferences, or from Apple Downloads.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other Security Updates, see "Apple Security Updates."

This article has been archived and is no longer updated by Apple.

Mac OS X v10.5.1 Update

  • Application Firewall

    CVE-ID: CVE-2007-4702

    Available for: Mac OS X v10.5, Mac OS X Server v10.5

    Impact: The "Block all incoming connections" setting for the firewall is misleading

    Description: The "Block all incoming connections" setting for the Application Firewall allows any process running as user "root" (UID 0) to receive incoming connections, and also allows mDNSResponder to receive connections. This could result in the unexpected exposure of network services. This update addresses the issue by more accurately describing the option as "Allow only essential services, and by limiting the processes permitted to receive incoming connections under this setting to a small fixed set of system services: configd (for DHCP and other network configuration protocols), mDNSResponder (for Bonjour), and racoon (for IPSec). The "Help" content for the Application Firewall is also updated to provide further information. This issue does not affect systems prior to Mac OS X v10.5.

  • Application Firewall

    CVE-ID: CVE-2007-4703

    Available for: Mac OS X v10.5, Mac OS X Server v10.5

    Impact: Processes running as user "root" (UID 0) cannot be blocked when the firewall is set to "Set access for specific services and applications"

    Description: The "Set access for specific services and applications" setting for the Application Firewall allows any process running as user "root" (UID 0) to receive incoming connections, even if its executable is specifically added to the list of programs and its entry in the list is marked as "Block incoming connections". This could result in the unexpected exposure of network services. This update corrects the issue so that any executable so marked is blocked. This issue does not affect systems prior to Mac OS X v10.5.

  • Application Firewall

    CVE-ID: CVE-2007-4704

    Available for: Mac OS X v10.5, Mac OS X Server v10.5

    Impact: Changes to Application Firewall settings do not affect processes started by launchd until they are restarted

    Description: When the Application Firewall settings are changed, a running process started by launchd will not be affected until it is restarted. A user might expect changes to take effect immediately and so leave their system exposed to network access. This update corrects the issue so that changes take effect immediately. This issue does not affect systems prior to Mac OS X v10.5.

Last Modified: Nov 5, 2011
Helpful?
Yes
No
  • Last Modified: Nov 5, 2011
  • Article: HT2169
  • Views:

    1285
  • Rating:
    • 20.0

    (1 Responses)

Additional Product Support Information

Start a Discussion
in Apple Support Communities
See all questions on this article See all questions I have asked