Apple resolves DNS spoofing vulnerability in 2008-005

View this article at: http://www.macnn.com/articles/08/08/01/apple.solves.dns.spoofs/

Friday, Aug 01, 2008 12:30am

Apple resolves DNS spoofing vulnerability in 2008-005

Apple on Thursday unveiled Security Update 2008-005, offering users protection against several major vulnerabilities, some of which affect many different platforms. The most major problem solved relates to Domain Name spoofing wherein a maliciously crafted website, coming in the form of a trusted website, would be substituted, allowing it to collect a user's personal information, such as address, phone number, or credit card numbers.

Additional fixes were applied to the following: Open Scripting Architecture, CarbonCore, CoreGraphics, Data Detectors Engine, Disk Utility, OpenLDAM, OpenSSL, PHP, QuickLook, and rsync. Most of the fixes relate to malicious arbitrary code execution, while some pertain to permission fixes.