
Apple's DNS patch missing vital element

Researcher says it won't fix cache poisoning error

Apple's DNS patch, which was released last week, doesn’t fix the high-profile DNS cache poisoning error, according to security researchers.

The Kaminsky flaw, named after its discoverer, IOActive's Dan Kaminsky, was first identified earlier this year. Kaminsky worked with a number of vendors, including Microsoft and Cisco, to develop a patch, which was released in July. However, Apple was slow to follow suit and only issued its fix last week.

Andrew Storms, director of security operations for network security firm nCircle, said in a blog post that the update does not force randomisation of the query ID and the source port, the measure that stops an attacker from being able to spoof the DNS response.

"For Apple, it matters most that they patch the client libraries since there are so few OSX recursive servers in use. The bottom line is that despite this update, it appears that the client libraries still aren't patched," he added.

Storms wasn't alone in noticing the vital missing element of the patch. Swa Frantzen, a researcher at the SANS Institute, also noted the absence in his blog.

"So Apple might have fixed some of the more important parts for servers, but is far from done yet as all the clients linked against a DNS client library still need to get the workaround for the protocol weakness," he said.
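The randomisation the researchers describe can be checked from a client's own query log. The following is an added example, not code from the article or from any vendor: it labels the source ports and query IDs of consecutive outgoing DNS queries as fixed, sequential or varied. The sample data is constructed, and the `MAX_STEP` threshold and function names are assumptions.

```python
"""Check whether logged DNS queries vary both source port and query ID."""

# Constructed (source_port, query_id) pairs for consecutive queries from one
# client; illustrative values, not captures from any real system.
SAMPLES = {
    "fixed_port":  [(49152, 0x1A2B), (49152, 0x9C01), (49152, 0x44F0),
                    (49152, 0xE310), (49152, 0x07AD), (49152, 0xB6C2)],
    "counting":    [(50001, 100), (50002, 101), (50003, 102),
                    (50004, 103), (50005, 104), (50006, 105)],
    "both_varied": [(51744, 0x1A2B), (12093, 0x9C01), (60311, 0x44F0),
                    (33870, 0xE310), (4821, 0x07AD), (27456, 0xB6C2)],
}

MAX_STEP = 8  # assumption: increments this small count as predictable


def classify(values):
    """Label a run of 16-bit values 'fixed', 'sequential' or 'varied'."""
    if len(values) < 3:
        raise ValueError("need at least three observations")
    if len(set(values)) == 1:
        return "fixed"
    # Differences modulo 2^16 so a counter that wraps is still recognised.
    steps = [(b - a) % 65536 for a, b in zip(values, values[1:])]
    if all(0 < s <= MAX_STEP for s in steps):
        return "sequential"
    # 'varied' only means no simple pattern was seen in this sample;
    # a short log can show predictability but cannot prove randomness.
    return "varied"


def assess(samples):
    """Return per-field labels and the list of predictable fields."""
    ports = [port for port, _ in samples]
    ids = [qid for _, qid in samples]
    result = {"source_port": classify(ports), "query_id": classify(ids)}
    result["predictable"] = sorted(k for k, v in result.items() if v != "varied")
    result["ok"] = not result["predictable"]
    return result


if __name__ == "__main__":
    for name, samples in SAMPLES.items():
        print(name, assess(samples))
```
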
