Apple Patches DNS Flaw and 16 Other Holes
Apple released updates to fix at least 17 different security holes in its OS X operating system and other software late Thursday, including a patch for the domain name system (DNS) vulnerability that many other affected vendors addressed nearly three weeks ago.
Security Update 2008-005 patches a serious flaw in the DNS that could allow hackers to hijack users' Internet connections or silently redirect them to counterfeit Web sites. Cisco, Microsoft, Sun Microsystems and a host of Linux projects pushed out a coordinated fix for the flaw on July 8, when it was first disclosed, and Apple immediately took heat for not releasing its patch then as well.
My guess is that Apple planned all along to release its patch this week or early next. Dan Kaminsky, the researcher who discovered the DNS flaw and helped coordinate the release of the patches to fix it, tried to withhold details about how the flaw might be exploited until his scheduled talk at next week's Black Hat hacker convention in Las Vegas. That plan obviously fell apart more than a week ago, when other researchers posted details online showing precisely how to exploit the vulnerability.
If you have questions about these patches, the DNS vulnerability or other related computer security questions, join me today at 11 a.m. ET for my regularly scheduled online discussion.
Posted by: Scott Lahteine | August 1, 2008 11:00 AM | Report abuse
Posted by: O. Redding | August 1, 2008 12:13 PM | Report abuse
Posted by: TJ | August 1, 2008 12:37 PM | Report abuse
Posted by: Carlos | August 1, 2008 12:39 PM | Report abuse
Posted by: antibozo | August 1, 2008 11:59 PM | Report abuse
Posted by: Anonymous | August 2, 2008 1:27 AM | Report abuse
Posted by: Steve | August 2, 2008 9:19 AM | Report abuse
Posted by: J. Warren | August 3, 2008 6:23 AM | Report abuse
Posted by: Erica | August 4, 2008 4:01 PM | Report abuse
Posted by: antibozo | August 7, 2008 5:06 PM | Report abuse
The comments to this entry are closed.