Apple Patches Kaminsky DNS Vulnerability
Alexander Burke writes "Apple has just released Security Update 2008-005, which patches BIND against the Kaminsky DNS poisoning issue. 'This update addresses the issue by implementing source port randomization to improve resilience against cache poisoning attacks. For Mac OS X v10.4.11 systems, BIND is updated to version 9.3.5-P1. For Mac OS X v10.5.4 systems, BIND is updated to version 9.4.2-P1.' It also closes the script-based local privilege escalation vulnerabilities, the most common examples of which were ARDAgent and SecurityAgent, and addresses other less-publicized security issues as well." A few days back we noted Apple's tardiness in fixing their corner of this Net-wide issue.
"A few days back we noted Apple's tardiness in fixing their corner of this Net-wide issue." At which time they were clearly already working on it...
Maybe they just wanted to make sure that:
1. They patched it correctly, and...
2. That they didn't inadvertently introduce other problems with the patch.
Then again, how long did they know about the problem before it was publicly announced?
TLR
A man no more knows his destiny than a tea leaf knows the history of the East India Company
For the three people on the Internet that run OS X servers!