Apple's block-all firewall not as advertised

The Cupertino company has admitted that a setting in its firewall application in Mac OS X Leopard to "block all incoming connections" isn't exactly true. Shortly after Leopard hit the streets, independent researchers took issue with its claims about its new firewall. Researchers at Heise Security said that the application was still allowing certain types of connections to come through.

In its first update to Mac OS X 10.5, Apple admitted that Heise was right, saying the setting "allows any process running as user 'root' (UID 0) to receive incoming connections, and also allows mDNSResponder to receive connections. This could result in the unexpected exposure of network services." The fix does not close down these holes, but rewords the option within the firewall to "allow only essential services." Additionally, it will limit the incoming connections when users select this setting to only a small subset of system services.