Firewall and Bonjour Problems
Apple ships Mac OS X with a very easy-to-use firewall. On the one hand, this is great for end users because they don’t need to go through much effort to enjoy firewall protection. Unfortunately, the Mac OS X firewall has its own security problems.
First, by default, it filters only traffic on TCP ports; traffic on UDP ports is still allowed through. In Mac OS X Tiger it is possible to enable filtering on UDP ports as well. However, the ports used by DHCP and Bonjour (UDP 67 and 5353, respectively) remain open even with UDP filtering enabled.
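One way to check for exactly this gap is to audit the firewall's rule list for UDP ports that are still allowed before the catch-all UDP deny. The following is an added example, not code from the book; it assumes the ruleset is in the ipfw(8) syntax the Tiger firewall uses, and the sample rules are constructed for illustration (rule numbers and ordering are not a capture from a real machine).

```python
import re

# Constructed sample in ipfw(8) syntax. With UDP filtering turned on, the
# firewall adds explicit allows for DHCP (67) and Bonjour (5353) ahead of the
# catch-all inbound UDP deny, which is the exposure the text describes.
SAMPLE_RULES = """\
02000 allow ip from any to any via lo*
02050 allow tcp from any to any out
02060 allow tcp from any to any established
12190 deny tcp from any to any
20310 allow udp from any 67 to me in
20320 allow udp from any 5353 to me in
20340 allow udp from any to any frag
20350 deny udp from any to any in
65535 allow ip from any to any
"""

# One rule: "<num> <allow|deny> <proto> from <src> [port] to <dst> [port] [options]"
RULE_RE = re.compile(
    r"^(?P<num>\d+)\s+(?P<action>allow|deny)\s+(?P<proto>\w+)\s+"
    r"from\s+(?P<src>\S+)(?:\s+(?P<sport>\d+))?\s+"
    r"to\s+(?P<dst>\S+)(?:\s+(?P<dport>\d+))?(?P<opts>.*)$"
)


def audit_udp(rules_text):
    """Return (udp_filtered, open_udp_ports) for an ipfw ruleset.

    ipfw evaluates rules in ascending number order and the first match wins,
    so any 'allow udp' rule that precedes the catch-all 'deny udp ... in'
    leaves that port reachable even when UDP filtering is enabled.
    """
    open_ports = []
    udp_filtered = False
    for line in rules_text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m or m["proto"] not in ("udp", "ip"):
            continue  # ignore malformed lines and TCP-only rules
        port = m["sport"] or m["dport"]
        if m["action"] == "allow" and port:
            open_ports.append(int(port))
        elif m["action"] == "deny" and m["proto"] == "udp" and "in" in m["opts"].split():
            udp_filtered = True
            break  # nothing after the catch-all deny can match inbound UDP
    return udp_filtered, open_ports


if __name__ == "__main__":
    filtered, ports = audit_udp(SAMPLE_RULES)
    print("UDP filtering enabled:", filtered, "- UDP ports still open:", ports)
```

On a Tiger system the same function can be run over the output of `sudo ipfw list`; an empty port list together with `udp_filtered == False` means UDP is not being filtered at all.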
Bonjour itself presents a particularly dangerous weakness because it can be used to probe a system and determine the status of its security updates. That information lets a would-be attacker or a piece of malware infer which specific vulnerabilities the system still has. The fact that Bonjour is not blocked by the built-in firewall makes the situation worse.
On the plus side, Bonjour is designed around multicast and should not be reachable across network subnets, which limits how far this weakness can be exploited. However, computers on a single wireless network share the same subnet, so this vulnerability is a real issue for anyone using a Mac on a public wireless network. It is, of course, possible to disable Bonjour using the Directory Access utility.