The Inquirer-Home

Apple finally patches DNS hole

Better late than never
Fri Aug 01 2008, 10:47

APPLE HAS RELEASED a security patch which fixes a much-publicised flaw in Domain Name Server (DNS) security, which could have allowed cache-poisoning attacks.

Security Update 2008-005, which is available through Software Update under the Apple icon in the menu bar, also fixes a number of other security issues, as follows.

Open Scripting Architecture: Fixes an elevated privileges bug when loading plugins.
CarbonCore: Fixes stack overflow in handling long file names. Potential code execution.
CoreGraphics: Fixes two bugs, both code execution, one for malicious graphics, the other for malicious PDFs.
Data Detectors Engine: Prevents engine crashes when parsing maliciously-crafted content.
Disk Utility: Stops local users from obtaining System privileges.
OpenLDAP: Fixes an ASN parsing bug which can lead to a crash.
OpenSSL: Repairs range checking error which can lead to remote code execution.
PHP: Fixes five different bugs, one of which can lead to remote code execution.
QuickLook: Blocks maliciously-crafted Microsoft Office files which can cause QuickLook to crash or allow remote code execution.
rsync: Fixes path validation errors.

The 65Mb download, which is available as you read, addresses all of the above problems, some of which were first reported way back in September 2007. µ


Comments
JPG and PDF?

You mean that OS X could be hacked by presenting a malicious JPEG or a PDF? A -JPEG-? Like you'd find on any Web page?

That's nearly as bad as Microsoft.

I believe Windows had a bug where a malicious JPEG could run as a virus on your PC. I'm not sure, but I think this is one that was announced as support for Windows 98 ended, so that it wasn't fixed on 98 and that is forever unsafe to use online now. But also: "MS04-041: A vulnerability in WordPad could allow code execution". WordPad is a text editor. A malicious document in a text editor can take over my computer?? Well, not now - they fixed that - and this post is about losing faith in Apple, not about Windows.

I think there have been security problems in Windows Explorer too - the built-in file management tool. How about on the Mac?

posted by : Robert Carnegie, 04 August 2008
Not so fast...

Server issues have been addressed, but the client-side vulnerability is still open...

http://www.insanely-great.com/news.php?id=9445

There's also the question of whether or not bind is active / vulnerable under OS client...

posted by : M Sharp, 04 August 2008