 |
 Stephen Withers turns his gaze on the world of Apple, with
detours into other aspects of IT and communications as they catch his
attention. |
Technology news and Jobs 
Our Blogs Core Dump Apple catches up with BIND as one of a dozen security patches
Our Blogs Core Dump Apple catches up with BIND as one of a dozen security patches | Apple catches up with BIND as one of a dozen security patches |
|
| by Stephen Withers | |
| Monday, 04 August 2008 | |
|
Page 1 of 3 BIND is part of Mac OS X, but is not enabled by default, A flaw in BIND made it vulnerable to cache poisoning attacks, which could lead to Internet traffic being silently diverted to malicious servers. The underlying problem in the protocol was discovered earlier this year, and the developers of BIND and other affected DNS implementations worked to release new versions of the software early last month. Apple was relatively slow to deliver an updated version of BIND to its customers. Apple's update installs version 9.3.5-P1 on Mac OS X 10.4.11 and 9.4.2.-P1 on 10.5.4. Eleven other issues are fixed by Security Update 2008-005. The SecurityAgent and ARDAgent issues reported earlier this year have been addressed by blocking privilege escalation for scripting additions. Additional bounds checking in CarbonCore prevents long file names from causing a stack buffer overflow in CarbonCore which could previously lead to unexpected application termination or the execution of arbitrary code. What else has been fixed? Find our on page 2. |
| < Next story in category | Previous story in the category > |
|---|
