Security Update 2003-03-24 Fixes Samba -- Apple has released Security Update 2003-03-24 via Software Update and as a stand-alone 4.5 MB download. The update fixes a hole that could allow unauthorized remote access to the system via the open-source Samba code that underlies Mac OS X's built-in Windows File Sharing (available from the Sharing preferences pane). Also fixed is a problem with OpenSSL that could allow RSA private keys to be compromised. Although Windows File Sharing is off by default, the update is still important, and Apple recommends that all customers install it. That's easy if you're running Mac OS X 10.2.4 or Mac OS X Server 10.2.4, but Apple says those with earlier versions of Mac OS X must either update to 10.2.4 or visit the OpenSSL and Samba Web sites for additional information on the available fixes, not that we could find any that would help a normal Mac user. Our advice? If you're not running Mac OS X 10.2.4, keep Windows File Sharing turned off. If you are, install this security update. [ACE]

<http://docs.info.apple.com/article.html? artnum=120199>
<http://www.openssl.org/>
<http://www.samba.org/>