Newsletters

Select newsletters below and click the button to sign up!

Boston News NY News
DC News Internet Daily
SiliconValley News
InternetNews Business Report




Become a Marketplace Partner


Partner With Us


Internetnews Bloggers

Recent Entries

Archives

August 2009
Sun Mon Tue Wed Thu Fri Sat
            1
2 3 4 5 6 7 8
9 10 11 12 13 14 15
16 17 18 19 20 21 22
23 24 25 26 27 28 29
30 31          

Monthly Archives

Search The Blog

Netstat -vat by Sean Michael Kerner (bio)

A command line view of IT



Apple patches Mac OS X for BIND DNS - 2 weeks late!?

By Sean Michael Kerner on August 13, 2009 9:39 AM
apple_new_macs_200x180.jpg
From the 'What's Going On?' files:

Apple is updating its Mac OS X for a BIND DNS issue that was patched by other vendors two weeks ago.

The issue is a critical vulnerability in the BIND 9 DNS server that could lead to a Denial of Service (DoS) attack condition. It's an issue that US-CERT issued a warning on, and was reported to be exploited in the wild.

The ISC - the group that leads development of BIND - had a patch out on July 29th - so that means to my naked eye, that Apple Mac OS X server users have been at risk for two weeks.

Not only at risk, but at risk from a known flaw for which exploit code exists in the wild.  Not only does exploit code exist, but so did a patch - but not for Mac OS X.

Is it the ISC's fault? I don't think so. They put out the source code and enable anyone to repackage a binary that would work for multiple operating systems.

Apple in my opinion was just a bit slow in this case.

Actually who am I kidding? Apple traditionally has been slow at patching known open source issues and that is a root cause for insecurity in Mac OS X overall.

The iPhone was first hacked by security researcher Charlie Miller - according to an explanation he gave at Black Hat in 2007 - because Apple had old/un-patched open source code that they were still using.

I don't know how widely deployed OS X is as a DNS server, so it's unclear how much risk there actually was. I do know that Mac OS X in general use a fair bit of open source code. Perhaps its time that Apple develops an even closer relationship with some of the key open source projects that it relies on to ensure that they can put out packages quicker.

I don't doubt the integrity of Apple's software team, trying to ensure that their packages will work on OS X and have a high level of quality. It's just that the packages really do need to come faster, to protect users from known vulnerabilities.

| Comments (0) | TrackBacks (0) | Share

0 TrackBacks

Listed below are links to blogs that reference this entry: Apple patches Mac OS X for BIND DNS - 2 weeks late!?.

TrackBack URL for this entry: https://swarm.jupitermedia.com/mt-tb.cgi/8709

Leave a comment