Two weeks after internet overlords warned of a serious vulnerability in one of the most widely used programs for resolving domain names, Apple has updated its Mac OS X operating systems to fix the security bug.

The update, released Wednesday, patches a hole in BIND, the net's most popular domain name system package. It's available for both client and server versions of the Mac OS and follows an update released last week that plugged 18 holes and a separate fix issued on Tuesday for six holes in Apple's Safari browser.

It brings relief for a logic issue in the handling of dynamic DNS update messages that allowed attackers to crash servers at will. Exploits using an ANY record in the prerequisite section of a crafted dynamic update message were already in the wild, prompting urgent calls for software that incorporated BIND to be updated as soon as possible. ®

Related stories

• Missing dot sends Sweden tumbling off internet (13 October 2009)
• Apple sneaks malware protection into Snow Leopard (25 August 2009)
• Apple hunts down Win and Mac flavoured Safari flaws (12 August 2009)
• Apple fixes critical Mac holes triggered by image files (6 August 2009)
• Apple patches Black Hat SMS vuln (31 July 2009)
• BIND crash bug prompts urgent update call (29 July 2009)
• Mac OS X gets rootkit coding manual (20 July 2009)
• Speculation mounts over AVG plans for OS X client (2 July 2009)
• Caching bugs exposed in second biggest DNS server (28 February 2009)
• New-age cyber-attack inflicts major damage with modest means (10 February 2009)
• One in ten DNS servers still vulnerable to poisoning (10 November 2008)