10.5.5 update fixes DNS vulnerability

by Robert Palmer (RSS feed) on Sep 16th 2008 at 4:00PM

Apple's Mac OS X 10.5.5 update (and Security Update 2008-006) fixes a critical DNS vulnerability that could allow attackers to trick victims into visiting malicious Web sites using what's known as a "cache poisoning attack." We wrote about the vulnerability in August.

Although Apple's release notes say BIND was updated "to address performance issues," the update also delivers the promised address port randomization that protects users from such cache poisoning attacks. The original patch offered protection for Apple's servers but did not completely protect client systems.

Apple's updates fixed flaws in several applications and system components, including some that attackers could use to run unauthorized software on a user's computer.

[Via IDG.]

Tags: 10.5.5, bind, cache, dns, nyt, poisoning, security

Mac developer for graphics focused project

Joshua Distler (2 weeks ago)

See More Relevant Jobs ›

Reader Comments (Page 1 of 1)

Gaz said 4:27PM on 9-16-2008

Well I have bad news to report. 10.5.5 may fix many security problems, but it has managed to break both my iMac and my Macbook Pro's Calendar sync!!

Neither work, and all known fixes on the web fix the issues.

So now I can't update my calendars on my iPhone.

Great! Thanks Apple....

↓↑report

Jeremy said 5:37PM on 9-16-2008

@ Gaz You're obviously so angry you're not making any sense.

First, sync with what? (MobileMe, OS-X server...). Secondly, if "all known fixes on the web actually fix the issues" for you then you are awash in solutions and don't actually have a problem. ;)

If you're sync problem is with MobileMe I have trouble taking you seriously as you haven't had the time to really try "all known fixes" and with Mobileme the problem has to persist for longer than just one morning for it to be noteworthy (given the up/down nature of the service.)

If it's with OS-X server, it's likely that the server hasn't been patched IMO.

↓↑report

hoser said 5:50PM on 9-16-2008

Does this mean that that glaringly bad phishing exploit has been sealed up?

↓↑report

DT said 3:03AM on 9-17-2008

Well well, that was fast! Is it possible that Apple is the last major in this business to fix this?

↓↑report

Tip of the Day

Use Spotlight as a reference tool. Type any word in the Spotlight box and one of the top entries will be a definition. Click on it, and it will bring up the dictionary application to check the word in either the dictionary, thesaurus, Apple database, or Wikipedia.

Learn More

Latest Jobs from TUAW Jobs

Post a Job

TUAW flickr Pool

www.flickr.com

Featured Galleries

TUAW bloggers (30 days)

#	Blogger	Posts	Cmts
1	Steven Sande	43	3
2	Dave Caolo	35	4
3	Mel Martin	30	0
4	Mike Schramm	28	0
5	Michael Rose	19	23
6	Josh Carr	18	24
7	Victor Agreda, Jr.	15	6
8	TJ Luoma	14	25
9	Erica Sadun	11	1
10	David Winograd	10	5
11	Joachim Bean	10	3
12	Ken Ray	10	2
13	Aron Trimble	10	3
14	Chris Rawson	9	0
15	Sang Tang	9	0
16	Megan Lavey	6	9
17	Brett Terpstra	6	5
18	John Burke	6	3
19	Lauren Hirsch	4	0
20	Brett Kelly	3	4

More Apple Analysis

AAPL on BloggingStocks The Apple category feed from BloggingStocks.com
AAPL Quote, News & Summary The AAPL financials page from AOL Money and Finance
iPhone analysis from BloggingStocks iPhone tag feed from BloggingStocks
Macintosh news and reviews on Download Squad The Macintosh category feed from Download Squad

The Unofficial Apple Weblog (TUAW)