Apple in a BIND with Security Update 2009-004
by Stephen Withers   
Thursday, 13 August 2009
Apple has released its second Mac OS X security update in just eight days.

Only one new fix is delivered by Security Update 2009-004, and that addresses a vulnerability in the BIND DNS server.

BIND itself was updated at the end of July, so Apple has acted relatively quickly by passing on the update to its customers in two weeks.

New versions of open-source components used in Mac OS X have been known to be several months old before Apple packages them into software updates.

The strange thing is that this comparatively prompt release is for a component that is not enabled by default in either Mac OS X or Mac OS X Server.

This has led to speculation that the underlying problem may be more serious than generally regarded. For example, security vendor Intego noted: "While other sources say it is of low severity, Apple’s choice of issuing this security update now suggests that it might actual [sic] be more serious."

Anyway, here's how Apple describes the problem: "A logic issue in the handling of dynamic DNS update messages may cause an assertion to be triggered. By sending a maliciously crafted update message to the BIND DNS server, a remote attacker may be able to interrupt the BIND service. The issue affects servers which are masters for one or more zones, regardless of whether they accept updates. BIND is included with Mac OS X and Mac OS X Server but it is not enabled by default. This update addresses the issue by properly rejecting messages with a record of type 'ANY' where an assertion would previously have been raised."

The BIND developers were more concise: "A specially crafted update packet will cause named to exit."

Security Update 2009-004 is available for Mac OS X 10.4.11 (separate PowerPC and Intel versions), Mac OS X Server 10.4.11 (a single Universal version), Mac OS X 10.5.8, and Mac OS X Server 10.5.8.

The size of the updates varies considerably, in part because they incorporate the content of previous Security Updates.

Security Update 2009-004 is available via Software Update or Apple's Support Downloads page.
