Mac OS X has a security vulnerability in one of its open-source components, according to Symantec. But the flaw only affects users that have turned on Windows Sharing, which is switched off by default.

According to Symantec's DeepSight Threat Analyst Team, the version of Samba (3.0.10) that ships with Mac OS X is open to a Request Multiple Heap-Based Buffer Overflow vulnerability. This issue affects all versions of Samba prior to version 3.0.25, which is currently available for download.

Symantec noted that Apple last updated Samba as part of its Security Update 2005-003.

Samba is an open source suite that provides file and print services to SMB/CIFS clients. The technology enables interoperability between Linux/Unix servers and Windows clients.

Symantec recommends all Mac users that require Windows Sharing update their Macs with the latest version of Samba. If that is not possible, they recommend disabling Samba completely.