OS X 10.5.1 has been released to address criticism of the built in firewall operation, specifically with handling of incoming connections when the 'Block all incoming connections' option is selected (various root level services would still accept incoming connections). The fix provides clearer indication of what services are going to permit connections, and why. The patch also addresses an issue where firewall changes may not be immediately applied due to launchd services. This behaviour has been changed.

Description:

Apple Inc have released version 10.5.1 of their latest Operating System version (10.5 - Leopard), addressing a number of criticisms that were levelled at the built-in firewall provided with the default operating system.

Specifically, the patch provides clearer guidance on what services (and why) will continue to accept connections even when 'block all incoming connections' has been selected. It also ensures that firewall changes are immediately applied, where before they may not immediately take effect due to system services already running.

Mitigation:

Update to OS X 10.5.1 either through the Software Update application in the Apple Menu, or through the download link below.

Updates:

http://www.apple.com/support/downloads/

Source:

http://docs.info.apple.com/article.html?artnum=61798

Exploits:

CVE-ID: CVE-2007-4702 (Application Firewall) CVE-ID: CVE-2007-4703 (Application Firewall) CVE-ID: CVE-2007-4704 (Application Firewall)