Apple Updates Security, Includes BIND Patch in Latest Fix

Following a recent review on TidBITS’ post highlighting a neglected DNS flaw by Apple, the tech giant has released a security fix, addressing the issue three weeks after the security community began proactive measures into their own hands.

This update supersedes the manual fixes previously discussed in the TidBITS article.

In the official documentation provided by Apple, the update addresses several critical vulnerabilities:

  • Enhancements to Open Scripting Architecture to resolve the ARDAgent issue, which previously allowed unauthorized root access through Trojan Horses.

  • Corrections to BIND to prevent DNS cache poisoning, a method used by malicious sites to misrepresent themselves.

  • A fix for a CarbonCore stack buffer overflow that could allow arbitrary code execution.

  • Resolutions for memory corruption and a specific PDF vulnerability in CoreGraphics, both of which could also allow arbitrary code execution.

  • A remedy for a Data Detectors vulnerability that could be leveraged in DOS attacks.

  • An update to Disk Utility to close a Repair Permissions/emacs exploit.

  • Strengthening of LDAP and OpenSSL to close existing vulnerabilities.

  • Patches for multiple PHP vulnerabilities.

  • A fix for a flaw in QuickLook that affected the handling of maliciously crafted Microsoft Office files.

  • An update to rsync to properly handle symbolic links and prevent misuse.

While some of these issues were previously reported, others were new to me, and the comprehensive nature of this update has certainly enhanced my sense of security.

[via Macworld]

.

.

Share This Article
Chris

Matthew is a dedicated writer for TUAW, bringing insightful and engaging content to Apple enthusiasts around the world. With a deep love for all things Apple, Matthew covers everything from the latest iPhone and iPad releases to MacBook innovations and Apple Watch updates. His articles are known for their clarity and depth, making complex tech topics accessible to everyone. When he’s not writing, Matthew enjoys exploring new apps and testing out the latest Apple gadgets.