Netstat -vat by Sean Michael Kerner (bio)

A command line view of IT



Apple finally patches Kaminsky DNS flaw

From the "better late than never" files:

For some unknown reason, Apple did not have a patch available for the DNS flaw that Dan Kaminsky first announced more than two weeks ago, despite the fact that one was available for BIND (which is what Apple uses). Apple has finally gotten off its iPhone-rich tail and put out an official patch, saving users from a flaw that has been weaponized and exploited in the wild.

The BIND update is part of Apple security update 2008-005, which also includes fixes for PHP, OpenLDAP and OpenSSL.

Do you see a pattern here? 'Cause I sure do.

Apple uses a lot of open source software and that's great. Apple also doesn't seem to be offering its users updated versions of some of those open source packages as quickly as they are actually available in the general community (not so great).

It sure would be easy pickings for a hacker to just look at the open source apps running on a Mac, see what isn't updated and then go after vulnerabilities that have already been publicly exposed.


1 Comment

64.4.71.56 said:

No surprise here. This is to be expected from Apple.

This latest update fixed about 17 known vulnerabilities and the one from the previous month fixed about 20. At least the frequency of their security updates has improved.

So what if they didn't release a patch right away for the BIND vulnerability -- I don't suspect there to be many Mac-based DNS servers on the internet. The important vendors released their patches in a timely manner, and that is what counts.

I mean, I don't know the background behind the disclosure of this vulnerability, but maybe Kaminsky, CERT, or whoever should have coordinated the disclosure differently.
