10.5.5 update fixes DNS vulnerability

Apple's Mac OS X 10.5.5 update (and Security Update 2008-006) fixes a critical DNS vulnerability that could allow attackers to trick victims into visiting malicious Web sites using what's known as a "cache poisoning attack." We wrote about the vulnerability in August.

Although Apple's release notes say BIND was updated "to address performance issues," the update also delivers the promised address port randomization that protects users from such cache poisoning attacks. The original patch offered protection for Apple's servers but did not completely protect client systems.

Apple's updates fixed flaws in several applications and system components, including some that attackers could use to run unauthorized software on a user's computer.

[Via IDG.]

View Tags

Source: http://www.nytimes.com/idg/IDG_852573C400693880002574C50076A…

Categories

OS Open Source Security

Apple's Mac OS X 10.5.5 update (and Security Update 2008-006) fixes a critical DNS vulnerability that could allow attackers to trick...

Add a Comment

Sign in »

3 Comments

Filter by:

Well well, that was fast! Is it possible that Apple is the last major in this business to fix this?

September 17 2008 at 3:03 AM Report abuse Permalink rate up rate down Reply

hoser

Does this mean that that glaringly bad phishing exploit has been sealed up?

September 16 2008 at 5:50 PM Report abuse Permalink rate up rate down Reply

Gaz

Well I have bad news to report. 10.5.5 may fix many security problems, but it has managed to break both my iMac and my Macbook Pro's Calendar sync!!

Neither work, and all known fixes on the web fix the issues.

So now I can't update my calendars on my iPhone.

Great! Thanks Apple....

September 16 2008 at 4:23 PM Report abuse Permalink rate up rate down Reply