Details of a vulnerability in Mac OS X that creates a mechanism for crackers to take over vulnerable machines has been posted on the Net.

Security researcher William Carrel released details of a vulnerability (http://www.carrel.org/dhcp-vuln.html), and suggested workarounds, in advance of a fix from Apple because of what he sees as the vendor's sluggish response to the problem.

The issue stems from a flaw in Apple's Dynamic Host Configuration Protocol (DHCP (http://searchnetworking.techtarget.com/sDefinition/0,,sid7_gci213894,00.html)) client that means a user can be tricked into logging onto a rogue server. DHCP servers manage the assignment of IP addresses on a network.

If an Apple machine is booted in a hostile environment, this vulnerability means an attacker could load malicious code and take full control of a vulnerable Mac OS X workstation or server.

Exploitation is possible in both wired and wireless environments but by far the greater risk appears to come with WLANs.

The vulnerability affects Mac OS X 10.2 and 10.3 on both workstation and servers. Earlier versions of Mac OS X may also be vulnerable.

Carrel suggests a number of workarounds including preventing any network authorisation services from obtaining settings from DHCP, as explained here (http://www.carrel.org/dhcp-vuln.html).

A fix from Apple is not expected before next month at the earliest. ®

Related Stories

Apple preps second Panther OS update (http://www.theregister.co.uk/content/39/34073.html)
Panther bitten by second data damaging bug (http://www.theregister.co.uk/content/39/33769.html)
Scripting flaws pose severe risk for IE users (http://www.theregister.co.uk/content/55/34186.html)