Apple patches DNS hole

By Stewart Meagher on Aug 4, 2008 9:35 AM
Filed under Applications

Apple has released a security patch which fixes a much-publicised flaw in Domain Name Server (DNS) security, which could have allowed cache-poisoning attacks.

Security Update 2008-005, which is available through Software Update under the Apple icon in the menu bar also fixes a number of other security issues as follows.

Open Scripting Architecture Fixes an elevated privileges bug when loading plugins CarbonCore Fixes stack overflow in handling long file names. Potential code execution.

CoreGraphics Fixes two bugs, both code execution, one for malicious graphics the other for malicious PDFs. Data Detectors Engine Prevents engine crashes when parsing maliciously-crafted content. Disk Utility Stops local users from obtaining System privileges.

OpenLDAP Fixes an ASN parsing bug which can lead to a crash. OpenSSL Repairs range checking error which can lead to remote code execution. PHP Fixes five different bugs, one of which can lead to remote code execution.

QuickLook Blocks maliciously-crafted Microsoft Office files which can cause QuickLooks to crash or allow remote code execution. rsync Fixes path validation errors.

The 65Mb, download which is available as you read, addresses all of the above problems, some of which were first reported way back in September 2007. µ

apple, finally, patches, dns, hole

Ads by Google

What are your thoughts on this article? Add your comment below.

To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.

NOTE: You must be a registered member of SC Magazine to post a comment.

Click here to login | Click here to register

comments powered by Disqus