Apple Computer has issued a security update that, among other fixes, closes a hole in Mac OS X that could have allowed hackers to take control of a computer under particular circumstances. The patch, which the manufacturer released on Friday, essentially changes the default settings for connecting to a Dynamic Host Communication Protocol (DHCP) server on Mac OS X 10.2.8. (aka "Jaguar"), Mac OS X 10.3.2 (aka "Panther") and the corresponding server versions of these operating systems.
A DHCP server assigns a TCP/IP address to a computer and, under the earlier default settings, a Mac running one of the above-listed OSes would accept data from DHCP servers found on a local area network. If a hacker inserted a malicious DHCP server on a local network, he or she could then exploit Apple"s earlier default setting to embed malicious software on a computer or use the computer as a drone for coordinated attacks on other systems. An Apple representative said the probability of a hack occurring was low, because the hacker would have to be an insider.
But William Carrel, a Mac user who runs a Mac security site, said an outside hacker who broke into a corporate network could add a DHCP server to that network. At that point, the outsider could take complete control of unpatched desktops.