Apple fixes Xsan security flaw


Apple fixes Xsan security flaw

Bill Brenner, Senior News Writer

Apple Computer Inc. has fixed a security flaw attackers could exploit in its Xsan file system software to launch malicious code or crash vulnerable machines.

The flaw is of particular concern to enterprises that use Apple's

Continue Reading This Article

Enjoy this article as well as all of our content, including E-Guides, news, tips and more.

By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Safe Harbor

latest operating system, as Xsan enables the creation of an enterprise-class storage area network (SAN) for the Mac OS X operating system and the Mac OS X Server.

The Cupertino, Calif.-based vendor said the application fails to do a proper bounds check of user-supplied input before copying it into an insufficiently sized buffer. The vulnerability presents itself at the file system driver when certain unspecified path names are processed.

"A malicious user with write access to an Xsan volume may be able to trigger the overflow on systems directly attached to Xsan," Apple said. "This could lead to a system crash or arbitrary code execution with system privileges."

Apple said the problem is fixed in the newly released version 1.4 by performing additional validation of path names.

Cupertino, Calif.-based antivirus giant Symantec Corp. analyzed the problem and, in an advisory sent to customers of its DeepSight Threat Management Service, said, "This issue may allow remote attackers to execute arbitrary machine code with system privileges on computers directly attached to the vulnerable file system. Failed exploit attempts will likely result in a system crash, denying service to legitimate users."

While Apple has fixed the problem with the release of version 1.4, Symantec said customers can mitigate the effects of the flaw by:

  • Not accepting, opening or executing files from untrusted or unknown sources.
  • Permitting privileged access for trusted individuals only.
  • Disabling unnecessary permissions to untrusted users. Since the flaw requires write access to the file system, this measure would reduce the likelihood of successful exploits.
  • Implementing multiple redundant layers of security.

    Apple credited Andrew Wellington of the Australian National University with discovering and reporting the issue.