Apple + Security & Privacy

Apple has release Security Update 2008-05, an important update that patches a dozen vulnerabilities, including two very high-profile problems: the DNS cache poisoning vulnerability that we have written about several times, and the ARDAgent vulnerability, a critical threat that Apple has taken quite some time to update. This update also patches holes in CoreGraphics, Disk Utility and other elements of Mac OS X. You should install this update as soon as possible, either via Software Update, or by downloading an updater from Apple’s downloads page. The update is 58 MB for Mac OS X 10.5 and 145 MB for Mac OS X 10.4.

Meanwhile, John C. Welch, writing at Macworld, chastised Apple for the long delay in issuing the security fix for the DNS cache poisoning vulnerability. However, the patch was issued just hours after his article was posted. Nevertheless, many of Welch’s points about Apple dragging its feet on this update remain valid. Why did Apple wait so long – nearly three months after being notified of this problem – to issue a fix?