It’s been a while, but another security flaw in the little-used IPv6 protocol set has opened up a security hole in Mac OS X. As documented here previously, IPv6 is the “next generation” of Internet protocols, but is currently used mainly in just a few research environments. As documented by CERT, a flaw in the open source implementation of IPv6 used in Mac OS X “may allow an attacker to cause a vulnerable system to crash.”

To date, it’s pretty clear the security risks of IPv6 have significantly outweighed its benefits as far as “the Rest of Us” are concerned. In particular, last year Apple shipped its new AirPort Extreme base station with a default but undocumented configuration that exposed the machines connected to it to a public IPv6 Internet. Apple quickly corrected this problem.

At some point a day will come when IPv6 proves useful to us normal Mac users. Until that day however, you should disable IPv6 access to your Mac, either through your firewall if it supports doing so (our DoorStop X Firewall does, although the Mac OS X built-in firewalls do not), or through the Network System Preference panel.