The patch fixes an issue that would have enabled a remote attacker to cause a DNS server to unexpectedly terminate.

“A logic issue in the handling of dynamic DNS update messages may cause an assertion to be triggered,” said the Apple advisory (Security Update 2009-004). “By sending a maliciously crafted update message to the BIND DNS server, a remote attacker may be able to interrupt the BIND service.”

The BIND vulnerability first surfaced in July, and a fix was issued by the Internet Systems Consortium (ISC), a nonprofit that supports a number of internet software implementations. The vulnerability only affects servers that are the master system in a DNS zone.

“It's probably more of a threat to an OS X server than to everyday workstations,” Joel Esler, an incident handler with the SANS Internet Storm Center, told SCMagazineUS.com in an email. “Since Apple runs the BIND DNS software, they are vulnerable to it.”

The recent flurry of updates from Apple highlights the pace of new security issues at every level.

“If you patch, you close that particular vulnerability,” Cricket Liu, vice president of architecture at DNS appliance vendor Infoblox, told SCMagazineUS.com. “But, of course, this is a constant arms race – hackers find vulnerabilities and we have to patch our name servers as quickly as possible.”

“This is just the latest in a string of vulnerabilities that have been found in various name server implementations over the years,” he added.

The update, available for Tiger clients and servers, as well as the Leopard OS, can be downloaded here.

“All users should upgrade immediately, since there are exploits in the wild already,” Esler said.

See original article on scmagazineus.com