Apple Patches Kaminsky DNS Vulnerability

Posted by kdawson on Friday August 1, 2008 @12:48AM from the cache-me-if-you-can dept.

Alexander Burke writes "Apple has just released Security Update 2008-005, which patches BIND against the Kaminsky DNS poisoning issue. 'This update addresses the issue by implementing source port randomization to improve resilience against cache poisoning attacks. For Mac OS X v10.4.11 systems, BIND is updated to version 9.3.5-P1. For Mac OS X v10.5.4 systems, BIND is updated to version 9.4.2-P1.' It also closes the script-based local privilege escalation vulnerabilities, the most common examples of which were ARDAgent and SecurityAgent, and addresses other less-publicized security issues as well." A few days back we noted Apple's tardiness in fixing their corner of this Net-wide issue.

2 of 89 comments (clear)

Min score:

Reason:

Sort:

Maybe they took the time to get it right? by homesnatch · 2008-08-01 01:11 · Score: 5, Interesting

Someone mentioned that Apple's delay was due to the patch causing a problem with some environment... Maybe Apple had to take the extra time to get it right.
I would have preferred that Redhat did as well... The Redhat ES 4 patch for BIND left a couple of my DNS domains offline for a few hours.
DNS patch causes BIND blunder by MacColossus · 2008-08-01 02:40 · Score: 5, Interesting

http://www.zdnet.com.au/news/security/soa/DNS-patch-causes-BIND-blunder/0,130061744,339290928,00.htm Could this have been what took Apple so long? Not as entertaining as posting "Apple sucks", but worth a look nonetheless.