Apple Still Has Not Patched the DNS Hole
Steve Shockley notes an article up at TidBITS on Apple's unexplained failure to patch the DNS vulnerability that we have been discussing for a few weeks now. "Apple uses the popular Internet Systems Consortium BIND DNS server, which was one of the first tools patched, but Apple has yet to include the fixed version in Mac OS X Server, despite being notified of vulnerability details early in the process and being informed of the coordinated patch release date."
Waiting for the port.
The problem is that they didnt apply the patch to the OS; they applied a patch directly to the Reality Distortion Field, ensuring that this isn't a vulnerability in the first place.
Wait, what?
Comment removed based on user account deletion
I would bet it's about as many as are being used as servers, which is not many.
I'm not sure. But what I do know is that the patch is going to require a hardware upgrade; Apple would have it no other way.
[runs and hides]
Either that, or a $20 charge for "new features"...
Come now, give Apple some credit. This isn't just some run-of-the-mill bug, this is a serious security issue that could cause their customers some serious harm if not fixed.
I'd expect $100 at least; or perhaps they'll introduce the innovative "iLease", with a "lease to own" path for the fixed bug where it's patched permanently on your server after only three years of monthly bug fix rental.
Trust the Computer. The Computer is your friend.
Why patch when you can tell your lawyers to issue cease and desist letters to everybody - starting with that Kaminsky guy