Filed under: OS, Open Source, Security
10.5.5 update fixes DNS vulnerability
Apple's Mac OS X 10.5.5 update (and Security Update 2008-006) fixes a critical DNS vulnerability that could allow attackers to trick victims into visiting malicious Web sites using what's known as a "cache poisoning attack." We wrote about the vulnerability in August.
Although Apple's release notes say BIND was updated "to address performance issues," the update also delivers the promised address port randomization that protects users from such cache poisoning attacks. The original patch offered protection for Apple's servers but did not completely protect client systems.
Apple's updates fixed flaws in several applications and system components, including some that attackers could use to run unauthorized software on a user's computer.
[Via IDG.]

![TUAW [Cafepress]](http://www.blogsmithmedia.com/www.tuaw.com/media/tuaw-cafepress-promo.png)


Reader Comments (Page 1 of 1)
Gaz said 4:27PM on 9-16-2008
Well I have bad news to report. 10.5.5 may fix many security problems, but it has managed to break both my iMac and my Macbook Pro's Calendar sync!!
Neither work, and all known fixes on the web fix the issues.
So now I can't update my calendars on my iPhone.
Great! Thanks Apple....
Reply
Jeremy said 5:37PM on 9-16-2008
@ Gaz You're obviously so angry you're not making any sense.
First, sync with what? (MobileMe, OS-X server...). Secondly, if "all known fixes on the web actually fix the issues" for you then you are awash in solutions and don't actually have a problem. ;)
If you're sync problem is with MobileMe I have trouble taking you seriously as you haven't had the time to really try "all known fixes" and with Mobileme the problem has to persist for longer than just one morning for it to be noteworthy (given the up/down nature of the service.)
If it's with OS-X server, it's likely that the server hasn't been patched IMO.
Reply
hoser said 5:50PM on 9-16-2008
Does this mean that that glaringly bad phishing exploit has been sealed up?
Reply
DT said 3:03AM on 9-17-2008
Well well, that was fast! Is it possible that Apple is the last major in this business to fix this?
Reply