
Apple's DNS patch missing vital element

Researcher says it won't fix cache poisoning error

Apple's DNS patch, which was released last week, doesn't fix the high-profile DNS cache poisoning error, according to security researchers.

The Kaminsky flaw, named after its discoverer, IOActive's Dan Kaminsky, was first identified earlier this year. Kaminsky worked with a number of vendors, including Microsoft and Cisco, to develop a patch, which was released in July. However, Apple was slow to follow suit and only issued its fix last week.

Andrew Storms, director of security operations for network security firm nCircle, said in a blog post that the update doesn't force randomisation of the query ID and the source port, the measure that stops an attacker from being able to spoof the DNS response.

"For Apple, it matters most that they patch the client libraries since there are so few OSX recursive servers in use. The bottom line is that despite this update, it appears that the client libraries still aren't patched," he added.

Storms wasn't alone in noticing the vital missing element of the patch. Swa Frantzen, a researcher at the SANS Institute, also noted the absence in his blog.

"So Apple might have fixed some of the more important parts for servers, but is far from done yet as all the clients linked against a DNS client library still need to get the workaround for the protocol weakness," he said.

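The missing randomisation described above can be checked from a capture of a client's or resolver's outbound queries. The following is an added example, not code from the article, nCircle, SANS or Apple; the sample query data, the rating names and the 3000 threshold are constructed assumptions.

```python
from statistics import pstdev

# Assumed cut-off: uniformly random 16-bit values have a standard
# deviation near 65536 / sqrt(12), roughly 18900.
MIN_SPREAD = 3000

def rate(values):
    """Classify 16-bit values seen in consecutive outbound DNS queries."""
    if len(values) < 2:
        raise ValueError("need at least two observed queries")
    if len(set(values)) == 1:
        return "FIXED"
    deltas = {(b - a) % 65536 for a, b in zip(values, values[1:])}
    if len(deltas) == 1:
        return "SEQUENTIAL"  # constant step, so the next value is predictable
    return "RANDOMISED" if pstdev(values) > MIN_SPREAD else "NARROW"

def assess(queries):
    """queries: list of (source_port, query_id) pairs taken from a capture."""
    port_rating = rate([port for port, _ in queries])
    id_rating = rate([qid for _, qid in queries])
    # A forged response has to match both fields, so both must be unpredictable.
    resistant = port_rating == "RANDOMISED" and id_rating == "RANDOMISED"
    return {"source_port": port_rating, "query_id": id_rating,
            "spoof_resistant": resistant}

# Constructed sample: random query IDs, but every query leaves from one port.
FIXED_PORT = [(49152, 0x1A2B), (49152, 0x9F03), (49152, 0x4410),
              (49152, 0xE7C5), (49152, 0x02D9), (49152, 0x7B6E)]
# Constructed sample: both the source port and the query ID vary widely.
BOTH_RANDOM = [(51843, 0x1A2B), (12077, 0x9F03), (60311, 0x4410),
               (3950, 0xE7C5), (38264, 0x02D9), (27589, 0x7B6E)]
# Constructed sample: both fields simply count upwards.
COUNTING = [(1024 + i, 100 + i) for i in range(6)]

if __name__ == "__main__":
    for name, sample in [("fixed port", FIXED_PORT),
                         ("both random", BOTH_RANDOM),
                         ("counting", COUNTING)]:
        print(name, assess(sample))
```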