Apple + Security & Privacy

Apple Has Yet to Patch DNS Vulnerability

Posted on by

A couple of weeks ago, we wrote about a major flaw in the way the DNS system works, and how all the major vendors had concerted and patched DNS servers to protect against this vulnerability. Well, Rich Mogull, writing at TidBITS, points out that Apple has not yet issued a fix for this problem for Mac OS X, and especially for Mac OS X Server, for which such a patch is much more important. (Most users of Mac OS X client don’t do DNS lookups via their Macs, but rather via a server or their ISP’s DNS server.) Mogull says, “All users of Mac OS X Server who use it for recursive DNS must immediately switch to an alternative or risk being compromised and traffic being redirected.”

We have written in the past about how Apple is slow to issue security updates, especially for the open source software included in Mac OS X and Mac OS X Server. Let’s hope they get hopping on this one, since security researchers around the world agree that this is a serious bug.

Comments are closed.