We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

DNS patch finally released by Apple

Computer giant slow to react to dangerous bug

A patch that will fix the Berkeley Internet Name Domain (BIND) DNS server flaw has been released by Apple.

Apple announced the release of the fix in a security advisory saying that the patch would fix the vulnerabilities Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.4 and Mac OS X Server v10.5.4.

The DNS flaw allows an attacker to execute a cache poisoning attack, where traffic to a legitimate domain name is redirected to a malicious one after an attack on a DNS server. The user can type in the correct name for a website, but get a fake one instead, which can enable a phishing attack. While some users might notice if they're directed to an odd-looking webpage, many people could be successfully fooled.

Apple is among a handful of companies that security experts have said moved far too slowly in reacting to the DNS bug. Other vendors, including Cisco and Microsoft, had patches ready when the existence of the flaw was disclosed on July 8. But some network administrators have reported compatibility problems with those early patches.

ISPs and major vendors with either DNS software or DNS services applied patches after the flaw's discoverer, security researcher Dan Kaminsky, coordinated a secret patching effort.

Details of how to exploit the flaw were eventually leaked on July 21, making those with still-unpatched systems especially vulnerable.

Many ISPs still have not patched their systems, and Kaminsky said those companies are moving far too slow given the danger the vulnerability poses. Some attacks have been reported.

Apple has also wrapped a dozen other fixes in the security update. The fixes can be downloaded individually or the 'software update' feature can be used in OS X to download the whole batch.

Visit Security Advisor for the latest internet threat news, FREE net threat email newsletters, and internet security product reviews


IDG UK Sites

Windows 9 release date, price, features: Windows 9 beta leaked ahead of 30 September unveiling

IDG UK Sites

Is Apple losing confidence in itself?

IDG UK Sites

The Samsung Gear VR is better than the Oculus Rift (kinda)

IDG UK Sites

How (and where) to buy an iPhone 6 or iPhone 6 Plus in the UK. Plus: What to do if you pre-ordered...