Mac OS X Web Hole Still An Issue, Security Firm Says

Apple has still not completely fixed the HFS+ filesystem vulnerability issue discovered last week, according to the company that first noticed it, leaving some Web servers running third-party solutions vulnerable to attack.

Security services company NetSec said Wednesday Appleis Security Update, released December 2, simply doesnit solve the problem.

The company said the update only addresses the security flaw for OS X systems running the Apache Web server, which is shipped by default. Customers using other Web servers such as 4D WebSTAR remain at risk. Additionally, users running modified versions of the Apache web server on OS X would not have received the update patch automatically, and might not be aware.

The vulnerability, said NetSec, could allow attackers to gain access to the back-end of Web sites and change online content at will.

Tom Parker, a computer security analyst with NetSec, wrote on a security message board that fixing the problem completely for Apple will not be easy and would require a complete overhaul of Mac OS Xis kernel. The kernel is the essential center of a computer operating system and provides basic services for all other parts of the operating system.