Apple resolves DNS spoofing vulnerability in 2008-005
updated 12:30 am EDT, Fri August 1, 2008
Apple solves DNS spoofs
Apple on Thursday unveiled Security Update 2008-005, offering users protection against several major vulnerabilities, some of which affect many different platforms. The most significant fix addresses Domain Name System (DNS) spoofing, in which a maliciously crafted website is substituted for a trusted one, allowing it to collect a user's personal information, such as address, phone number, or credit card numbers.
Additional fixes were applied to the following: Open Scripting Architecture, CarbonCore, CoreGraphics, Data Detectors Engine, Disk Utility, OpenLDAP, OpenSSL, PHP, QuickLook, and rsync. Most of the fixes address arbitrary code execution, while some address permissions problems.











About freakin' time
08/01, 09:14am
Wow, was it that hard, Apple? Really?
LouZer
Fresh-Faced Recruit
Joined: Nov 2000
well.... sorta....
08/01, 12:48pm
The update does not protect users against the DNS issue, because the DNS issue is for activated BIND servers, not clients. BIND is not activated by default on user machines. In short, what this particular fix actually fixes is Mac -servers- (or anyone who has intentionally activated BIND on their machine.)
tvalleau
Fresh-Faced Recruit
Joined: Feb 2005
That's not correct.
08/01, 01:07pm
While DNS servers running BIND are by far the main target, CERT stated that stub resolvers "AKA clients" were also at risk. I would agree that most hackers would not waste their time trying the exploit on a client. However, there is a potential for poisoning the client's DNS resolver.
bsnoel
Fresh-Faced Recruit
Joined: Feb 2006
louzer
08/01, 01:10pm
"Wow, was it that hard, Apple? Really?"
Maybe it was - do you think they've just been sitting on their hands?
elroth
Fresh-Faced Recruit
Joined: Jul 2006
Doesn't fix DNS clients
08/01, 01:39pm
This patch does not resolve the DNS problem on the clients. Apple seems to have decided not to fix it.
Amdahl
Fresh-Faced Recruit
Joined: Apr 2007