Apple releases patch for critical DNS flaw

Apple releases a security update for its Tiger and Leopard operating systems to patch a critical Domain Name System flaw, along with a dozen other updates.

Apple released a security update Thursday to users of its Tiger and Leopard operating systems to address a critical and well-publicized Domain Name System flaw, along with a dozen other updates.

The DNS flaw, which was first reported by Dan Kaminsky of IOActive on July 8, could allow attackers to redirect Web site visitors to any site they choose and present forged information. The DNS translates the common name of a Web site into its numerical IP address, and is therefore a fundamental component to the Internet.

During the second pre-Black Hat security conference Webinar on July 24, Kaminsky provided the most information to date about the DNS flaw he found earlier this year but only disclosed in public on July 8. His announcement coincided with a massive, multivendor patch release . But he withheld details, hoping that most people would get their systems patched before the bad guys got a hold of it.

However, an exploit code that could allow someone to attack the DNS was available in various places on the Internet on July 23.

Apple's update also fixes a QuickLook bug where loading a malicious Microsoft Office file could lead to "arbitrary code execution."

Apple recommends Security update 2008-005 for all systems running Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.4, Mac OS X Server v10.5.4. The update is available at Apple.com or through the update mechanism in OS X.

 

ARTICLE DISCUSSION

Conversation powered by Livefyre

Don't Miss
Hot Products
Trending on CNET

Hot on CNET

CNET's giving away a 3D printer

Enter for a chance to win* the MakerBot Replicator 3D Printer and all the supplies you need to get started.