NetSec Warns of New Vulnerability

NetSec (www.netsec.net), an industry leading managed security services provider, today announced that a new vulnerability has been detected on the Apple Mac operating system.

The NetSec Security Operations Center (SOC) has identified a remotely exploitable security flaw that may negatively impact systems worldwide. This alert is designed to increase awareness of a vulnerability affecting systems running the Apple Mac OS X (Darwin) operating system.

At this time, NetSec is not aware of widespread exploitation affecting vulnerable systems. NetSec Managed Security Services (MSS) customers were protected by customized intrusion detection/prevention signatures on supported platforms week commencing November 14, 2004.

This vulnerability exists in the legacy HFS+ file system implementation. The Apple Security Update does not remedy the vulnerability present in the file system driver. It is possible to exploit this vulnerability through non-Apple web server applications.

Although several exploitation scenarios were described above, the list is by no means exhaustive. NetSec recommends that customers with Apple Mac OS X servers providing services to the internet ensure best practices are implemented for those systems until the vendor publicly releases a fix.

NetSec is a leading provider of managed security services for global corporations and government agencies. With a vendor-neutral approach to the lifecycle security needs of a customer, NetSec offers a suite of security services powered by Finium, a co-managed platform driven by flexible technologies, proven processes and expert staff; operated via a disaster-resilient Security Operations Center.

Finium integrates threat, vulnerability and event information via a centralised, secure Web Console, enabling analysts and managers to better manage security as part of their business.