Apple misses mark on DNS patch

Security researchers are claiming that Apple has failed to fully patch the high-profile DNS cache poisoning error. The company issued the patch last week as part of a larger security update. The so-called Kaminsky flaw (named for its discoverer, Dan Kaminsky) has sent vendors scrambling to patch what is said to be a fundamental vulnerability in the DNS system.

According to Andrew Storms, director of security operations for network security firm nCircle, Apple's patch doesn't quite do the job. Storms found that the update doesn't force source port randomization for client libraries, an essential fix for preventing the spoofing attack. Storms said that while the server component of the error is fixed, client machines remain vulnerable.

View: The full story @ vnunet
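
For administrators who want to check the client-side behaviour described above, the following is an added example (not from the article, nCircle or Apple) that rates the UDP source ports seen on consecutive DNS queries, for instance ports read from a packet capture. The function names, thresholds and sample port lists are assumptions constructed for illustration.

```python
import socket
import statistics

def classify_source_ports(ports, max_step=16, min_spread=1000):
    """Rate the UDP source ports seen on consecutive DNS queries.

    max_step and min_spread are illustrative thresholds (assumptions),
    not values taken from any vendor's patch or test tool.
    """
    if len(ports) < 8:
        raise ValueError("need at least 8 observed queries")
    distinct = len(set(ports))
    if distinct == 1:
        return "fixed"        # every query leaves from the same port
    # Step between consecutive queries, modulo the 16-bit port space.
    steps = [(b - a) % 65536 for a, b in zip(ports, ports[1:])]
    small = sum(1 for s in steps if 0 < s <= max_step)
    if small >= 0.9 * len(steps):
        return "sequential"   # a counter: the next port is predictable
    if distinct < len(ports) // 2 or statistics.pstdev(ports) < min_spread:
        return "weak"         # small pool or narrow range of ports
    return "randomized"

def sample_kernel_udp_ports(n=20):
    """Ports the local kernel hands to unbound UDP sockets.

    connect() on a UDP socket sends no packet; it only makes the kernel
    pick a local port. This shows the kernel default, not what a
    particular resolver library does if it chooses its own port.
    """
    ports = []
    for _ in range(n):
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.connect(("127.0.0.1", 53))
            ports.append(s.getsockname()[1])
    return ports

# Constructed samples, not captured from any real system.
FIXED = [32771] * 10
SEQUENTIAL = [49152 + i for i in range(10)]
SMALL_POOL = [40000, 40007, 40000, 40003, 40007,
              40000, 40003, 40007, 40003, 40000]
RANDOM = [51234, 60011, 49877, 63502, 55190,
          58741, 50322, 64987, 53618, 61045]

if __name__ == "__main__":
    for name in ("FIXED", "SEQUENTIAL", "SMALL_POOL", "RANDOM"):
        print(name, classify_source_ports(globals()[name]))
    print("this host:", classify_source_ports(sample_kernel_udp_ports()))
```

A "fixed" or "sequential" rating on a client's outgoing queries means the source port adds nothing for an off-path spoofer to guess, leaving only the 16-bit DNS transaction ID.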


19 Comments


Well of course that they will be the last with this kind of a patch, since they have to wait for the BSD guys to fix it, so that they can take their work and pack it up in a shiny package. And first they have to analyze what was actually fixed...

Are you just being facetious? BSD had this fixed some time ago. OSX uses BSD/Darwin base, but it seems that they are a little behind in keeping updated - at least I have seen some posted complaints about old versions of basic *BSD packages being used in 'current' OSX.

Firstly anyone going on about how insecure MAC's are really need to remember that this affected all OS's, Just Apple were a bit slow on the update.

I think the problem here is that since MAC's have hit the mainstream, Apple haven't updated put any money back into fixing the flaws with their software. This and Safari issues on windows I think shows that they need to start focusing on after sales a bit more rather than the making everything smaller and in a wider range of colors.

(The Dark Wanderer said @ #6)
Firstly anyone going on about how insecure MAC's are really need to remember that this affected all OS's, Just Apple were a bit slow on the update.

I think the problem here is that since MAC's have hit the mainstream, Apple haven't updated put any money back into fixing the flaws with their software. This and Safari issues on windows I think shows that they need to start focusing on after sales a bit more rather than the making everything smaller and in a wider range of colors.

"a bit slow"? It's a rather serious security vulnerability, and it still hasn't been fully resolved, despite everyone else having had it fixed like over a month ago.

Apple's attitude towards security is puzzling, given their rather bold claims about their OS compared to their competitors.

Ahhhhhhhhhhhhhhhahahaha....figures. Way to go Apple! Putting the customers first!

And yes, Vista has flaws. The difference is that MS patches their flaws a HELL OF A LOT faster than Apple. Apple needs to stop making their stuff look pretty and start making it secure and usable. :P And what is funny is Apple did release a patch for the DNS flaw but it didn't work the way it should. *shakes head*

(PrEzi said @ #2)
Oh... where are the MAC fanboys now ? MAC Secure ? Pffft... yeah... right...

Probably playing with their Network cards? MAC stands for Media Access Control, I think you wanted Mac

(neufuse said @ #2.1)

Probably playing with their Network cards? MAC stands for Media Access Control, I think you wanted Mac ;)

The whole MAC/Mac thing is about as witty as the 'Micro$oft' thing. In that neither are funny. At all.

(PrEzi said @ #2)
Oh... where are the MAC fanboys now ? MAC Secure ? Pffft... yeah... right...

Let's put it simple : LOL

I'll be there to remind you when Vista has flaws

(PsykX said @ #2.3)

Let's put it simple : LOL

I'll be there to remind you when Vista has flaws ;)

I'll be there to remind you that Leopard currently has 20x the issues that Vista has

I do see your humour (really) but seriously, this is getting as _old_ as the M$ crap.

Either way, hope the Apple guys fix this bug as soon as possible.

It may not have as many holes as Windows but it's not invincible. Some reports are now starting to say the opposite and that Windows Vista is the most secure OS.

(thealexweb said @ #1.2)
It may not have as many holes as Windows but it's not invincible. Some reports are now starting to say the opposite and that Windows Vista is the most secure OS.
Heh, Ubuntu is probably a lot more secure than Vista and OSX combined, I mean, what crazy malware creator would waste his time creating something for a platform that no ordinary user uses?

(thealexweb said @ #1.2)
It may not have as many holes as Windows but it's not invincible. Some reports are now starting to say the opposite and that Windows Vista is the most secure OS.
Jeff Jones (Security Strategy Director at Microsoft) has always claimed Windows as most secure. I doubt he even conceded XP as being less secure than OpenBSD, Linux, or OSX.

So, you can't take the claims of a person or small group, and say that they are factual or representative of the product.

Vista is good. Really. But be honest here. Microsoft only recently caught up with the other OSes as far as implementing secure practices.

That said, I think that Apple's delays in releasing a patch (which seems to have been done a few days ago?) are inexcusable. They fell way behind all other vendors. And now it seems that the patch just isn't all that it should have been? Are they being complacent?

(Shadow Dragon said @ #1.3)
Heh, Ubuntu is probably a lot more secure than Vista and OSX combined, I mean, what crazy malware creator would waste his time creating something for a platform that no ordinary user uses?

Security by obscurity is not security. It's just obscurity.