Apple issues patch for critical DNS flaw
Published: 01 Aug 2008 08:19 BST
Apple released a security update on Thursday for users of its Tiger and Leopard operating systems to address a critical and well-publicised Domain Name System flaw, along with a dozen other updates.
The DNS flaw, which was first publicised by Dan Kaminsky of IOActive on 8 July, could allow attackers to redirect website visitors to any site they choose and present forged information. The DNS translates the common name of a website into its numerical IP address, and is therefore a fundamental component of the internet.
During the second pre-Black Hat security conference webinar on 24 July, Kaminsky provided the most information to date about the DNS flaw, which he found earlier this year but only disclosed in public on 8 July. His announcement coincided with a massive, multi-vendor patch release. But he withheld details, hoping most people would get their systems patched before malicious parties were able to use the flaw.
However, exploit code that could allow someone to attack the DNS was available in various places on the internet on 23 July.
Apple's update also fixes a QuickLook bug where loading a malicious Microsoft Office file could lead to 'arbitrary code execution'.
Apple recommends Security Update 2008-005 for all systems running Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.4 and Mac OS X Server v10.5.4. The update is available at Apple.com or through the update mechanism in OS X.
Credit: Apple releases patch for critical DNS flaw from CNET News












