Apple Security fix includes BIND update
Yesterday, shortly after I read TidBITS' post on securing the DNS flaw that Apple had ignored for a while, Apple released a security fix which finally took care of the situation. This comes 3 weeks after the security industry began taking matters into their own hands. This fix does overwrite the files updated in the TidBITs post on manually correcting the issue, mentioned above.
In Apple's notes on the update, they mention fixes for:
- Open Scripting Architecture, which addresses the ARDAgent issue which allowed Trojan Horses and non-administrator users to gain root access
- The aforementioned BIND issue which allowed for DNS poisoning (allowing malicious websites to forge their identity)
- A CarbonCore stack buffer overflow which allowed for arbitrary code execution
- A CoreGraphics memory corruption issue and a CoreGraphics PDF weakness, both allowing for arbitrary code execution
- A Data Detectors issue which could be exploited for [DOS](http://en.wikipedia.org/wiki/Denial-of-service_attack) attacks
- A Repair Permissions/emacs exploit in Disk Utility
- An LDAP weakness
- An OpenSSL weakness
- Multiple PHP vulnerabilities
- A flaw in QuickLook's handling of maliciously crafted Microsoft Office files
- An issue with rsync's handling of symbolic links
Some of those had been reported, some I hadn't heard about previously, but I'm certainly feeling more secure this morning.
[via Macworld]
Share
Categories
Yesterday, shortly after I read TidBITS' post on securing the DNS flaw that Apple had ignored for a while, Apple released a security fix...
Add a Comment
How come TUAW hasn't posted the story about how Apple's DNS patch doesn't actually patch the DNS flaw that it was supposed to patch? I submitted the story earlier this morning, as I'm sure other people have also...the story has been floating around the Internet for several hours now too, so it seems odd that TUAW hasn't come across it themselves either.
August 01 2008 at 3:25 PM Report abuse Permalink rate up rate down ReplyMy iMac G5 logs itself out as soon as a log in after installing the update. Repaired permissions, no joy. Managed to get it to start in safe boot mode.
August 01 2008 at 2:21 PM Report abuse Permalink rate up rate down ReplyJust want to see if anyone else experience any issues after installing this update. After i had installed and restarted, every single one of my apps crashed while starting up... I couldn't open anything. It wasn't until I restarted again, that my apps became functional again.
August 01 2008 at 10:53 AM Report abuse Permalink rate up rate down ReplyIt does say 'Restart will be required'...
August 01 2008 at 11:31 AM Report abuse Permalink rate up rate down ReplyNo my apps we're crashing AFTER the initial re-start, I had to restart twice before my apps regained functionality...
August 01 2008 at 12:57 PM Report abuse Permalink rate up rate down ReplyHot Apps on TUAW
Deals of the Day
more deals- Verizon Leather Sleeve for Tablets for $4 + free shipping
- Wicked Jaw Breaker Noise-Isolating In-Ear Headphones for $6 + free shipping
- Refurb Apple MacBook Air Laptops: 12" 64GB SSD for $699 + free shipping
- JVC Motion Sensing Clock Radio with Dual iPod Docks for $55 + free shipping
- Apple iPhone Headset with Mic for $4 + $2 s&h
- Refurb Apple iPod nano 8GB MP3 Player for $99 + free shipping, 16GB for $119
Software Updates
more updates- EFI Firmware Update brings Lion Internet Recovery to 2010-model Macs
- OS X Lion 10.7.3 released with Safari 5.1.3, Wi-Fi bug fix
- Aperture updated to 3.2.2, addresses Photo Stream issue
- Apple updates Keynote to address Lion issues
- Google Search app gets new look on iPad
- Apple releases Apple TV Software Update 4.4.3
Featured Stories
more stories
Popular Stories
TUAW (or The Unofficial Apple Weblog) is a website devoted to tips, reviews, news, analysis and opinion on everything Apple.
5 Comments