Apple has issued an update to fix at least 17 different security holes in its OS X operating system and other software, including a security patch that fixes a much-publicized DNS flaw which was discovered by security researcher Dan Kaminsky earlier this month. The flaw allows an attacker to execute a cache poisoning attack, where traffic to a legitimate domain name is redirected to a malicious one after an attack on a DNS server.
Many of the other vulnerabilities patched in this update are rather serious on their own. With Security Update 2008-005, Apple plugs holes that could lead to privilege escalation, denial-of-service, information disclosure and arbitrary code execution attacks. As usual, the update is available from the software update mechanism in Mac OS X or from Apple’s Web site.
Apple is among a handful of companies that have been under fire for being too slow in reacting to the DNS bug. Other vendors, including Cisco and Microsoft, pushed out a coordinated fix for the flaw on July 8, when it was first disclosed.