10.5.5 update fixes DNS vulnerability

by Robert Palmer on Sep 16th 2008

Apple's Mac OS X 10.5.5 update (and Security Update 2008-006) fixes a critical DNS vulnerability that could allow attackers to trick victims into visiting malicious Web sites using what's known as a "cache poisoning attack." We wrote about the vulnerability in August.

Although Apple's release notes say BIND was updated "to address performance issues," the update also delivers the promised address port randomization that protects users from such cache poisoning attacks. The original patch offered protection for Apple's servers but did not completely protect client systems.

Apple's updates fixed flaws in several applications and system components, including some that attackers could use to run unauthorized software on a user's computer.

[Via IDG.]

Tags: 10.5.5, bind, cache, dns, nyt, poisoning, security

Reader Comments (Page 1 of 1)

Gaz said 4:27PM on 9-16-2008

Well I have bad news to report. 10.5.5 may fix many security problems, but it has managed to break both my iMac and my Macbook Pro's Calendar sync!!

Neither work, and all known fixes on the web fix the issues.

So now I can't update my calendars on my iPhone.

Great! Thanks Apple....

↓↑report

Jeremy said 5:37PM on 9-16-2008

@ Gaz You're obviously so angry you're not making any sense.

First, sync with what? (MobileMe, OS-X server...). Secondly, if "all known fixes on the web actually fix the issues" for you then you are awash in solutions and don't actually have a problem. ;)

If you're sync problem is with MobileMe I have trouble taking you seriously as you haven't had the time to really try "all known fixes" and with Mobileme the problem has to persist for longer than just one morning for it to be noteworthy (given the up/down nature of the service.)

If it's with OS-X server, it's likely that the server hasn't been patched IMO.

↓↑report

hoser said 5:50PM on 9-16-2008

Does this mean that that glaringly bad phishing exploit has been sealed up?

↓↑report

DT said 3:03AM on 9-17-2008

Well well, that was fast! Is it possible that Apple is the last major in this business to fix this?

↓↑report

Tip of the Day

Holding the Command key (aka the Apple key) and pressing Tab will cycle through your open applications. It's easier to Cmd-Tab if you are Copy (Cmd-C) and Pasting (Cmd-V) to and from various applications.

Learn More

TUAW flickr Pool

www.flickr.com

Advertise with us. (Learn more)

Featured Galleries

TUAW bloggers (30 days)

#	Blogger	Posts	Cmts
1	Steven Sande	39	13
2	Michael Rose	31	26
3	Mel Martin	29	0
4	Victor Agreda, Jr.	25	8
5	Mike Schramm	25	1
6	Brett Terpstra	18	11
7	Erica Sadun	17	2
8	Megan Lavey	16	6
9	Robert Palmer	14	5
10	Dave Caolo	14	0
11	Chris Rawson	12	0
12	David Winograd	12	0
13	Christina Warren	9	28
14	Michael Jones	8	0
15	Tim Wasson	8	0
16	Sang Tang	7	1
17	Jason Clarke	6	1
18	Cory Bohon	6	0
19	Casey Johnston	6	0
20	Mat Lu	3	0

More Apple Analysis

AAPL on BloggingStocks The Apple category feed from BloggingStocks.com
AAPL Quote, News & Summary The AAPL financials page from AOL Money and Finance
iPhone analysis from BloggingStocks iPhone tag feed from BloggingStocks
Macintosh news and reviews on Download Squad The Macintosh category feed from Download Squad

The Unofficial Apple Weblog (TUAW)

10.5.5 update fixes DNS vulnerability

Related Articles From The Unofficial Apple Weblog