Apple releases bumper patch batch
DNS cache poisoning flaw finally fixed
Apple has published a major security patch. Mac OS X 10.5.5 is the sixth substantial security update from the company this year. The patch cycle also includes fixes for version 10.4 of Apple's software.
Both updates mend DNS security holes in older versions of BIND previously bundled with Apple's software. There are also updates for Directory Services, kernel, OpenSSH remote access software, QuickDraw Manager and more.
The flaws in ImageIO, QuickDraw Manager, VideoConference and ATS could lend themselves to hostile code injection. Meanwhile security bugs in libresolv could allow DNS cache poisoning, Apple's security notice explains.
Security watchers - such as the Internet Storm Centre - recommend the prompt patching of Apple systems. The updates follow fixes for iTunes and QuickTime application software released last week. ®