To many Mac users, the recent news report of an Apple OS X security vulnerability seemed like an anomaly. While Windows users are greeted almost weekly with a new virus or worm, OS X users tend to view their systems as impervious to such concerns. The steady stream of Windows bugs is a phenomenon far removed from their computing experience -- or so it seems. But the late February security report cast Apple in a new light.
Chris Adams, a systems administrator in San Diego, discovered a flaw in the Apple Filing Protocol (AFP), a tool in OS X 10.3, code-named "Panther." AFP enables a secure connection using the secure shell (SSH) protocol. The flaw is in AFP"s warning mechanism: Users may request a secure connection, but Panther will not warn users if the connection is in fact not a secure one. So, a user may send sensitive information -- like passwords -- on an insecure connection, not knowing that they are using an easily hacked protocol.