Slashdot Mirror


Apple Patches Kaminsky DNS Vulnerability

Alexander Burke writes "Apple has just released Security Update 2008-005, which patches BIND against the Kaminsky DNS poisoning issue. 'This update addresses the issue by implementing source port randomization to improve resilience against cache poisoning attacks. For Mac OS X v10.4.11 systems, BIND is updated to version 9.3.5-P1. For Mac OS X v10.5.4 systems, BIND is updated to version 9.4.2-P1.' It also closes the script-based local privilege escalation vulnerabilities, the most common examples of which were ARDAgent and SecurityAgent, and addresses other less-publicized security issues as well." A few days back we noted Apple's tardiness in fixing their corner of this Net-wide issue.

4 of 89 comments (clear)

  1. Re:They might have been slow... by imamac · · Score: -1, Redundant

    "A few days back we noted Apple's tardiness in fixing their corner of this Net-wide issue." At which time they were clearly already working on it...

  2. Why So Long? by Gallenod · · Score: -1, Redundant

    Maybe they just wanted to make sure that:

    1. They patched it correctly, and...

    2. That they didn't inadvertently introduce other problems with the patch.

    Then again, how long did they know about the problem before it was publicly announced?

    --

    TLR

    A man no more knows his destiny than a tea leaf knows the history of the East India Company
    1. Re:Why So Long? by djveer · · Score: 0, Redundant

      I agree there had to be a reason why Apple was so late in delivering this update. My guess was that they wanted to make absolutely sure they didn't break anything in OS X in the process.

      Just curious though, does the BIND daemon run only on OS X Server or is it running on the version for laptops and desktops too?

  3. This is Wonderful News by Anonymous Coward · · Score: 0, Redundant

    For the three people on the Internet that run OS X servers!