Apple update patches serious DNS flaw in Mac OS X
In a BIND no more
Two weeks after internet overlords warned of a serious vulnerability in one of the most widely used programs for resolving domain names, Apple has updated its Mac OS X operating systems to fix the security bug.
The update, released Wednesday, patches a hole in BIND, the net's most popular domain name system package. It's available for both client and server versions of the Mac OS and follows an update released last week that plugged 18 holes and a separate fix issued on Tuesday for six holes in Apple's Safari browser.
It brings relief for a logic issue in the handling of dynamic DNS update messages that allowed attackers to crash servers at will. Exploits using an ANY record in the prerequisite section of a crafted dynamic update message were already in the wild, prompting urgent calls for software that incorporated BIND to be updated as soon as possible. ®
Apple didn't write BIND either, they just supply it.
Ok, I shouldn't really feed the trolls, but on the off-chance this guy isn't a troll, and is just totally clue-less and computer illiterate.
It takes time for patches to be released from all vendors for several good reasons.
1. They need to understand the bug. Fools rush in, etc...
2. They need to test the patch fixes the problem.
3. They need to confirm it doesn't affect the operation of the system adversely.
4. They need to confirm it doesn't introduce more bugs.
5. They need to package it, and submit the patch and installer for regression testing.
This actually takes some time, no matter how many people you throw at it.
Good work Apple.
While BIND is included in both the server and client versions of OS X it's not enabled by default.