M 1.3 How to Determine if You Are at Risk
Any default or unpatched Mac OS X installations should be presumed to be vulnerable.
The following procedure will check if there are new packages available.

• Choose System Preferences from the Apple Menu.


• Choose Software Update from the View menu.


• Click Update Now.


• Check the items available

To aid in the process of vulnerability assessment, you can leverage any vulnerability scanner.

M1.4 How to Protect Against These Vulnerabilities

• Be sure to stay current and have all security updates for Apple products applied by turning on the Software Update System to automatically check for software updates released by Apple. Although different schedules are possible, we recommend that you configure it to check for updates on a weekly basis at least. For more information about how to check and run the Software Update System, see the Apple Software Updates webpage - http://www.apple.com/macosx/upgrade/softwareupdates.html


• To avoid unauthorized access to your machine, turn on the built-in personal firewall. If you have authorized services running in your machine that need external access, be sure to explicitly permit them.


• There are many excellent guides available for hardening Mac OS X. The CIS Benchmark for Mac OS X enumerates security configurations useful for hardening the Operating System. The actions suggested by the CIS Level-1 benchmarks documents are unlikely to cause any interruption of service or applications and are highly recommended to be applied on the system. Also, the Securing Mac OS X 10.4 Tiger white paper examines security features and hardening of Mac OS X.