Apple patches DNS flaw and 16 other holes

By on
Apple has issued an update to fix at least 17 different security holes in its OS X operating system and other software, including a security patch that fixes a much-publicized DNS flaw which was discovered by security researcher Dan Kaminsky earlier this month. The flaw allows an attacker to execute a cache poisoning attack, where traffic to a legitimate domain name is redirected to a malicious one after an attack on a DNS server.

Many of the other vulnerabilities patched in this update are rather serious on their own. With Security Update 2008-005, Apple plugs holes that could lead to privilege escalation, denial-of-service, information disclosure and arbitrary code execution attacks. As usual, the update is available from the software update mechanism in Mac OS X or from Apple’s Web site.

Apple is among a handful of companies that have been under fire for being too slow in reacting to the DNS bug. Other vendors, including Cisco and Microsoft, pushed out a coordinated fix for the flaw on July 8, when it was first disclosed.

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.