Security researchers are claiming that Apple has failed to fully patch the high profile DNS cache poisoning error. The company issued the patch last week as part of a larger security update. The so-called Kaminsky flaw (named for its discoverer, Dan Kaminsky,) has sent vendors scrambling to patch what is said to be a fundamental vulnerability in the DNS system.
According to Andrew Storms, director of security operations for network security firm nCircle, Apple's patch doesn't quite do the job. Storms found that the update doesn't force source port randomization for client libraries, an essential fix for preventing the spooking attack. Storms said that while the server component of the error is fixed, client machines remain vulnerable
View: The full story @ vnunet