toggle

AAPL Stock: 423 ( -8.77 )

http://www.macnn.com/articles/08/08/01/apple.solves.dns.spoofs/

Apple resolves DNS spoofing vulnerability in 2008-005

updated 12:30 am EDT, Fri August 1, 2008

 

Apple solves DNS spoofs


Apple on Thursday unveiled Security Update 2008-005, offering users protection against several major vulnerabilities, some of which affect many different platforms. The most major problem solved relates to Domain Name spoofing wherein a maliciously crafted website, coming in the form of a trusted website, would be substituted, allowing it to collect a user's personal information, such as address, phone number, or credit card numbers.

Additional fixes were applied to the following: Open Scripting Architecture, CarbonCore, CoreGraphics, Data Detectors Engine, Disk Utility, OpenLDAM, OpenSSL, PHP, QuickLook, and rsync. Most of the fixes relate to malicious arbitrary code execution, while some pertain to permission fixes.


by MacNN Staff

Post tools:

TAGS :

 security, software, spoofing, DNS, Apple

Related Articles

Recent Articles

toggle

Comments

  1. LouZer

    Fresh-Faced Recruit

    Joined: Nov 2000

    -5
    08/01, 09:14am | report spam | Reply |

    About freakin' time

    Wow, was it that hard, Apple? Really?

  1. tvalleau

    Fresh-Faced Recruit

    Joined: Feb 2005

    +1
    08/01, 12:48pm | report spam | Reply |

    well.... sorta....

    The update does not protect users against the DNS issue, because the DNS issue is for activated BIND servers, not clients. BIND is not activated by default on user machines. In short, what this particular fix actually fixes is Mac -servers- (or anyone who has intentionally activated BIND on their machine.)

  1. bsnoel

    Fresh-Faced Recruit

    Joined: Feb 2006

    +4
    08/01, 01:07pm | report spam | (2 replies) Reply |

    That's not correct.

    While DNS servers running bind are by far the main target. CERT stated that stub resolvers "AKA clients" were also at risk. I would agree that most hackers would not waste their time trying the exploit on a client. However, there is a potential for poisoning the clients DNS resolver.

  1. elroth

    Fresh-Faced Recruit

    Joined: Jul 2006

    +2
    08/01, 01:10pm | report spam | Reply |

    louzer

    "Wow, was it that hard, Apple? Really?"Maybe it was - do you think they've just been sitting on their hands?

  1. Amdahl

    Fresh-Faced Recruit

    Joined: Apr 2007

    +1
    08/01, 01:39pm | report spam | (1 reply) Reply |

    Doesn't fix DNS clients

    This patch does not resolve the DNS problem on the clients. Apple seems to have decided not to fix it.

Login Here

Not a member of the MacNN forums? Register now for free.

 
close
Photo
toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

Logitech FabricSkin Keyboard Folio for iPad

Since the fourth-generation iPad didn't evolve much over its predecessor, the market for iPad accessories has remained somewhat static ...

Huawei Ascend Mate

The Huawei Ascend Mate is a phone that fits the screen-size gap between the 4 to 5-inch smartphone and the seven-inch or more tablet, ...

MaxUpgrades MaxConnect for 2006-2008 Mac Pro

Nobody outside of Cupertino's privileged bunch knows the future of the Mac Pro line for sure. Despite Apple's reluctance to tell us wh ...

toggle

Most Commented

 

Popular News