A security research firm, Heise Security, is criticizing Leopard’s security, or more specifically, the system’s firewall.

The firm was highly critical and declared that the firewall failed every test. The tests revolved around Apple’s default configuration and whether the firewall configured correctly due to user input.

According to them, Leopard’s firewall is not activated by default and, even when activated, it does not behave as one should expect. Network connections to non-authorised services can still be established and even under “Block all incoming connections” , the most restrictive setting, it still allows access to system services from the internet.

Apply acknowledges that the system services that it communicated with in its tests did not seem immediately prone to exploit.

This entry was posted on Thursday, October 8th, 2009 at 9:41 pm and is filed under Apple. You can follow any responses to this entry through the RSS 2.0 feed. Responses are currently closed, but you can trackback from your own site.