Apple's DNS patch missing vital element

Researcher says it won't fix cache poisoning error

Apple's DNS patch, which was released last week, doesn’t fix the high-profile DNS cache poisoning error, according to security researchers.

The Kaminsky flaw, named after its discoverer, IOActive's Dan Kaminsky, was first identified earlier this year. Kaminsky worked with a number of vendors, including Microsoft and Cisco, to develop a patch, which was released in July. However, Apple was slow to follow suit and only issued its fix last week.

Andrew Storms, director of security operations for network security firm nCircle, said in a blog post that the update doesn't force randomisation of the query ID and the source port, the measure that stops an attacker being able to spoof the DNS response.

"For Apple, it matters most that they patch the client libraries since there are so few OSX recursive servers in use. The bottom line is that despite this update, it appears that the client libraries still aren't patched," he added.

Storms wasn't alone in noticing the vital missing element of the patch. Swa Frantzen, a researcher at the SANS Institute, also noted the absence in his blog.

"So Apple might have fixed some of the more important parts for servers, but is far from done yet as all the clients linked against a DNS client library still need to get the workaround for the protocol weakness," he said.
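Whether a host randomises the two fields Storms mentions can be checked from the defender's side by looking at the source ports and query IDs on its outgoing DNS queries. The sketch below is an added example, not code from the article, the researchers or Apple; the sample observations are constructed and the 90% threshold is an assumption.

```python
import random
from collections import Counter

def classify(values):
    """Label observed 16-bit values as 'static', 'sequential' or 'varied'."""
    if len(values) < 2:
        raise ValueError("need at least two observations")
    if len(set(values)) == 1:
        return "static"
    # Step between consecutive values, modulo 2**16 to survive wrap-around.
    deltas = Counter((b - a) % 65536 for a, b in zip(values, values[1:]))
    top_share = deltas.most_common(1)[0][1] / (len(values) - 1)
    # Assumed threshold: one dominant step in >= 90% of cases means predictable.
    return "sequential" if top_share >= 0.9 else "varied"

def assess(queries):
    """queries: list of (source_port, query_id) seen on outgoing DNS queries."""
    ports = [p for p, _ in queries]
    ids = [i for _, i in queries]
    port_kind, id_kind = classify(ports), classify(ids)
    return {
        "port": port_kind,
        "id": id_kind,
        # Both fields must vary for a spoofed reply to be hard to match.
        "randomised": port_kind == "varied" and id_kind == "varied",
    }

# Constructed observations (not captured from any real system).
_rng = random.Random(2008)
STATIC_PORT = [(49152, _rng.randrange(65536)) for _ in range(20)]
SEQUENTIAL_PORT = [(49152 + n, _rng.randrange(65536)) for n in range(20)]
RANDOMISED = [(_rng.randrange(1024, 65536), _rng.randrange(65536)) for _ in range(20)]

if __name__ == "__main__":
    for name, sample in [("static port", STATIC_PORT),
                         ("sequential port", SEQUENTIAL_PORT),
                         ("randomised", RANDOMISED)]:
        print(f"{name:16} {assess(sample)}")
```

A host that reports a static or sequential port fails the check even when its query IDs vary, because both fields have to be unpredictable.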

