Canadian Mac Forums at ehMac banner
1 - 7 of 7 Posts

·
Premium Member
Joined
·
9,103 Posts
Discussion Starter · #1 ·
Security experts are warning of an issue within Adobe CS3's Version Cue application which can disable a Mac's built-in firewall.

An alert from the experts at Secunia warns that Adobe Version Cue disables a Mac's firewall when it is installed. It does so in order to set certain ports up for "controlled access through the firewall", the experts said.

The probelm is that the installer doesn't re-enable the firewall once installation is complete, leaving certain system services vulnerable to attacks.

The security issue is reported in Adobe Version Cue CS3 Server, installed as part of Adobe Creative Suite 3 Design Premium, Design Standard, Web Premium, or Web Standard editions, Secunia explains.

There is a simple fix to the flaw, which is rated as "less critical" – users simply need to re-enable their Mac OS X firewall in System Preferences once installation is complete.


Mac firewall security flaw in Adobe CS3 - ProCreative - Macworld UK

I'm rather surprised that an application can simply turn off the firewall without any red flags to the user.
Any comments?
 

·
Premium Member
Joined
·
3,363 Posts
yes. this is not acceptable to me as a user. no application should be able to do this. the installer should give written instructions to the person running the installation.
 

·
Premium Member
Joined
·
9,103 Posts
Discussion Starter · #4 ·
Do you not have to authenticate to begin the installation process? If so that would be your answer.
Well yes.

But I certainly wouldn't check my firewall to see if the application I installed disabled it. That's what seems to be happening here.

I'm surprised that MacWorld considers this a minor issue. Sure - it's easy enough to fix if you know about it.

I don't use this application, so I can't test what is actually happening. I would expect OS X to at least bring up a big warning message if anything turns off the firewall.
Wonder if this also happens when you lock the firewall settings to prevent changes being made there.
 

·
Registered
Joined
·
213 Posts
Well yes.

But I certainly wouldn't check my firewall to see if the application I installed disabled it. That's what seems to be happening here.
I am certainly not disputing the fact that this is unacceptable, however its more so Adobes fault then Apples. Because Adobes installer is asking for authentication and when you enter your password (if any) and click ok then you are essentially granting the application unrestricted access to the system at that point. And you accept the consequences that could occur as a result. Users have to understand that software is volatile.


Wonder if this also happens when you lock the firewall settings to prevent changes being made there.
Good question:confused: This is definitely worth investigating! I have that option turned on in the security preference. "Require password to unlock each secure system preference."

It is very much appreciated that you have brought this information forward.
 
G

·
I'm surprised they haven't updated this one yet. It's a super simple fix on their part (one line missing in their postflight script).
 
1 - 7 of 7 Posts
This is an older thread, you may not receive a response, and could be reviving an old thread. Please consider creating a new thread.
Top