10.5.5 update fixes DNS vulnerability

by Robert Palmer (RSS feed) on Sep 16th 2008 at 4:00PM

Apple's Mac OS X 10.5.5 update (and Security Update 2008-006) fixes a critical DNS vulnerability that could allow attackers to trick victims into visiting malicious Web sites using what's known as a "cache poisoning attack." We wrote about the vulnerability in August.

Although Apple's release notes say BIND was updated "to address performance issues," the update also delivers the promised address port randomization that protects users from such cache poisoning attacks. The original patch offered protection for Apple's servers but did not completely protect client systems.

Apple's updates fixed flaws in several applications and system components, including some that attackers could use to run unauthorized software on a user's computer.

[Via IDG.]

Tags: 10.5.5, bind, cache, dns, nyt, poisoning, security

Lead Blogger

AOL Find a Job - New York, NY (3 weeks ago)

See More Relevant Jobs ›

Reader Comments (Page 1 of 1)

Gaz said 4:27PM on 9-16-2008

Well I have bad news to report. 10.5.5 may fix many security problems, but it has managed to break both my iMac and my Macbook Pro's Calendar sync!!

Neither work, and all known fixes on the web fix the issues.

So now I can't update my calendars on my iPhone.

Great! Thanks Apple....

↓↑report

Jeremy said 5:37PM on 9-16-2008

@ Gaz You're obviously so angry you're not making any sense.

First, sync with what? (MobileMe, OS-X server...). Secondly, if "all known fixes on the web actually fix the issues" for you then you are awash in solutions and don't actually have a problem. ;)

If you're sync problem is with MobileMe I have trouble taking you seriously as you haven't had the time to really try "all known fixes" and with Mobileme the problem has to persist for longer than just one morning for it to be noteworthy (given the up/down nature of the service.)

If it's with OS-X server, it's likely that the server hasn't been patched IMO.

↓↑report

hoser said 5:50PM on 9-16-2008

Does this mean that that glaringly bad phishing exploit has been sealed up?

↓↑report

DT said 3:03AM on 9-17-2008

Well well, that was fast! Is it possible that Apple is the last major in this business to fix this?

↓↑report

Tip of the Day

Want to drag a file to another folder and copy it instead of moving it? Press the Option key when you drag that file and it'll be duplicated rather than moved entirely.

Learn More

Latest Jobs from TUAW Jobs

Post a Job

TUAW flickr Pool

www.flickr.com

Featured Galleries

TUAW bloggers (30 days)

#	Blogger	Posts	Cmts
1	Steven Sande	46	4
2	Mike Schramm	34	0
3	Mel Martin	32	0
4	Dave Caolo	32	1
5	Michael Rose	20	19
6	TJ Luoma	19	31
7	Victor Agreda, Jr.	17	6
8	Josh Carr	17	24
9	Joachim Bean	15	3
10	Erica Sadun	14	2
11	Sang Tang	11	0
12	Ken Ray	11	2
13	David Winograd	10	13
14	Brett Terpstra	8	6
15	Megan Lavey	7	9
16	Kent Pribbernow	4	0
17	Tim Wasson	4	1
18	Aron Trimble	4	3
19	Lauren Hirsch	4	0
20	John Burke	4	3

More Apple Analysis

AAPL on BloggingStocks The Apple category feed from BloggingStocks.com
AAPL Quote, News & Summary The AAPL financials page from AOL Money and Finance
iPhone analysis from BloggingStocks iPhone tag feed from BloggingStocks
Macintosh news and reviews on Download Squad The Macintosh category feed from Download Squad

The Unofficial Apple Weblog (TUAW)