Security Update 2008-005 released, closes DNS hole

Apple has released Security Update 2008-005, which resolves a widely reported BIND DNS issue that could result in cache poisoning attacks from remote attackers.

CNET staff

The update closes these specific security vulnerabilities, among others:

  • A local user may execute commands with elevated privileges: "A design issue exists in the Open Scripting Architecture libraries when determining whether to load scripting addition plugins into applications running with elevated privileges."
  • BIND is susceptible to DNS cache poisoning and may return forged information: "The Berkeley Internet Name Domain (BIND) server is distributed with Mac OS X, and is not enabled by default. When enabled, the BIND server provides translation between host names and IP addresses. A weakness in the DNS protocol may allow remote attackers to perform DNS cache poisoning attacks. As a result, systems that rely on the BIND server for DNS may receive forged information."
  • Processing long filenames may lead to an unexpected application termination or arbitrary code execution: "A stack buffer overflow exists in the handling of long filenames. Processing long filenames may lead to an unexpected application termination or arbitrary code execution."
  • Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution: "CoreGraphics contains memory corruption issues in the processing of arguments."
  • Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution: "An integer overflow in the handling of PDF files may result in a heap buffer overflow. Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution."

Problems after updating? Please let us know.

Resources

  • Security Update 2008-005 (Leopard [Intel and PowerPC]) [65MB]
  • Security Update 2008-005 (Intel for Mac OS X 10.4.11) [143MB]
  • Security Update 2008-005 (PPC) [88MB]
  • Security Update 2008-005 Server (PPC) [135MB]
  • Security Update 2008-005 Server (Intel) [180MB]