macnn

08/01/2008, 12:30am, EDT

Friday, August 1st

Apple resolves DNS spoofing vulnerability in 2008-005

Apple on Thursday unveiled Security Update 2008-005, offering users protection against several major vulnerabilities, some of which affect many different platforms. The most major problem solved relates to Domain Name spoofing wherein a maliciously crafted website, coming in the form of a trusted website, would be substituted, allowing it to collect a user's personal information, such as address, phone number, or credit card numbers.

Additional fixes were applied to the following: Open Scripting Architecture, CarbonCore, CoreGraphics, Data Detectors Engine, Disk Utility, OpenLDAM, OpenSSL, PHP, QuickLook, and rsync. Most of the fixes relate to malicious arbitrary code execution, while some pertain to permission fixes.


Filed under: security, software, Apple
Other story tags: spoofing, DNS

, , 5comments, del.icio.us, slashdot, digg, buzz


5 comments
Reader Reactions (Please use <i></i> for italic text)

subscribe to comments
for this article




Expand All
   Global Settings

About freakin' time

-5
08/01, 9:14am, EDT

Wow, was it that hard, Apple? Really?

Fresh-Faced Recruit
Joined Nov 2000
User is offline

well.... sorta....

1
08/01, 12:48pm, EDT

The update does not protect users against the DNS issue, because the DNS issue is for activated BIND servers, not clients. BIND is not activated by default on user machines. In short, what this particular fix actually fixes is Mac -servers- (or anyone who has intentionally activated BIND on their machine.)

Fresh-Faced Recruit
Joined Feb 2005
User is offline

That's not correct.

4
08/01, 1:07pm, EDT

While DNS servers running bind are by far the main target. CERT stated that stub resolvers "AKA clients" were also at risk. I would agree that most hackers would not waste their time trying the exploit on a client. However, there is a potential for poisoning the clients DNS resolver.

Fresh-Faced Recruit
Joined Feb 2006
User is offline

louzer

2
08/01, 1:10pm, EDT

"Wow, was it that hard, Apple? Really?"Maybe it was - do you think they've just been sitting on their hands?

Fresh-Faced Recruit
Joined Jul 2006
User is offline

Doesn't fix DNS clients

1
08/01, 1:39pm, EDT

This patch does not resolve the DNS problem on the clients. Apple seems to have decided not to fix it.

Fresh-Faced Recruit
Joined Apr 2007
User is offline
Your Comments

In order to post comments: If you are a registered member, please login with your MacNN Forums username and password otherwise please uncheck the checkbox below.


Registered Member?
macnn forums login:

macnn forums password:

Not a member of the MacNN forums? Register now for free.

RSS Feeds

Have the latest content delivered to your desktop via RSS. Use the links below to get access to a specific blog, news, or reviews feed.



  MacNN -all

  MacNN Reviews

  MacNN Podcasts

  iPodNN

  Electronista

  Left Lane News

Convert PDF to Word: Easily Convert PDF to Word Doc, Excel, and More. Fast and Accurate. No Registration Trial

Check Out the VIERA from Panasonic!: Enter a New Visual Era with Panasonic VIERA HDTVs. An Enhanced Experience.

NewsGator Enterprise RSS: Improve Corporate Communication via Web 2.0, RSS, and Social Computing.

Get an IT Degree Online: Get solid credentials. Take your hobby to the next level. Adult Programs. Affordable.

Buy from The Apple Store, iTunes.com, Amazon.com, TechDepot, OfficeDepot, Computers4Sure, or donate.