Analysts: Apple slack in fixing DNS flaw
updated 12:20 pm EDT, Tue July 29, 2008
Apple slow on DNS bug
Apple has taken an unreasonable amount of time in fixing a DNS bug within Mac OS X, according to security consultant Rich Mogull. The bug in BIND (Berkeley Internet Name Domain) -- which has public code available for a security exploit -- was discovered in February by researcher Dan Kaminsky, and a month later, groups such as Cisco and Microsoft met to determine how to fix it. While BIND was only patched on July 8th, Apple has still had weeks to incorporate this into Mac OS, says Mogull.
"It's not sending a real good message," he complains. "If they don't patch this in a reasonable time, they're putting their customers at risk."
Apple has so far chosen not to comment on how long it has known of the DNS bug, or if and when a security update will be released. Kaminsky notes however that relatively few people run BIND on Mac OS X Server, and that those who do may not need Apple to "hold their hand" in patching BIND themselves. "If there was a huge population of people behind DNS servers running OS X, I'd be more worried. That's not a dig [against Apple], it's just a statement."
Fresh-Faced Recruit
Joined: Oct 2006
The sky is falling!
Or is it Apples? OMG! What will we ever do! Run for cover before we all die.
Because Apple computers and servers are just downright failing everywhere. My iMac, my MacBook Pro (Intel), my iPhone, my iPod Classic (160 GB) are all at risk.
Lions and Tigers and bad Apples, oh my!
I have not had a virus, Trojan horse, or security issue with ANY Apple product since OS9.
This guy can go blow it out his A$$. Apple will fix it when they get around to it. If it were important, it would have already be patched.
Show me ONE (1), just ONE, person in the wild who this has affected.