Original URL: http://www.theregister.co.uk/2009/08/12/apple_patches_bind_vuln/
Apple update patches serious DNS flaw in Mac OS X
In a BIND no more
Posted in Security, 12th August 2009 23:13 GMT
Free whitepaper – Hands on with Hyper-V 3.0 and virtual machine movement
Two weeks after internet overlords warned of a serious vulnerability in one of the most widely used programs for resolving domain names, Apple has updated its Mac OS X operating systems to fix the security bug.
The update, released Wednesday, patches a hole in BIND, the net's most popular domain name system package. It's available for both client and server versions of the Mac OS and follows an update released last week [1] that plugged 18 holes and a separate fix issued on Tuesday for six holes in Apple's Safari browser [2].
It brings relief for a logic issue in the handling of dynamic DNS update messages that allowed attackers to crash servers at will. Exploits using an ANY record in the prerequisite section of a crafted dynamic update message were already in the wild [3], prompting urgent calls for software that incorporated BIND to be updated as soon as possible. ®