Author Topic: Yesterday's OS X Security Update patches DNS Flaw! (Read 4092 times)

gunug · « **on:** August 01, 2008, 07:51:02 AM »

The headline says it all except all the tech pundits think Apple took too long (whatever):

http://www.infoworld.com/article/08/08/01/...DNS_flaw_1.html

It's worked 2 out of 2 times on 10.4 systems for me so far!

Highmac · « **Reply #1 on:** August 01, 2008, 08:24:13 AM »

Thanks Gunug - didn't even know about it until your post. Have now updated.

As usual on all my updates for quite a while now, the fans (G5 iMac) kick in before it loads the OS (the little daisy is still spinning) and keep running all the way through, even after it's finished loading everything. Click Restart in the Apple menu and on the second boot everything is hunky-dory.

I'm used to it now, but mention it here in case any newcomers are startled by it

Gregg · « **Reply #2 on:** August 01, 2008, 12:34:55 PM »

Thanks for the heads up. I'm nabbing it via Software Update today!

krissel · « **Reply #3 on:** August 02, 2008, 08:15:31 AM »

The so-called 'BIND' problem regarding DNS servers being spoofed that has been in the news lately...

http://support.apple.com/kb/HT2647

Gregg · « **Reply #4 on:** August 02, 2008, 10:01:12 AM »

I sense a merger again...

http://www.techsurvivors.net/forums/index....showtopic=19395

gunug · « **Reply #5 on:** August 02, 2008, 10:04:39 AM »

I don't care if no one else does!

kbeartx · « **Reply #6 on:** August 02, 2008, 10:39:47 AM »

QUOTE(gunug @ Aug 2 2008, 10:04 AM) <{POST_SNAPBACK}>

I don't care if no one else does!

And I certainly don't care if Gunug doesn't!

PS - sorry about spelling your handle backwards; I just felt silly this AM and had to do it!

- KB

Xairbusdriver · « **Reply #7 on:** August 02, 2008, 12:56:03 PM »

Read a piece from the Register yesterday complaining that the fix didn't apply to 'client' machines. But some responded that extremely few 'client' machines would ever be running as DNS machines, anyway. So, Apple fixed the problem for servers but didn't see a need to send it out to "the rest of us." I'll have to take the word of those who say it's not needed by our desktop/laptops.

But it provided another chance for some 'experts' to throw dirt at Apple and its tardiness...

sandbox · « **Reply #8 on:** August 02, 2008, 02:14:37 PM »

Rerun

05/24/2007, 4:35pm, EDT

QUOTE

Apple fixes Panther, Tiger vulnerabilities
Apple today issued a security update for Mac OS X 10.3.9 Panther Client and Server as well as Mac OS X 10.4.9 Tiger Client and Server, fixing numerous security holes in both systems. The update includes fixes related to Alias Manager, BIND, CoreGraphics, crontabs, fetchmail, file, iChat, mDNSResponder, PPP, ruby, screen, texinfo, and VPN. Specific vulnerabilities include the potential for attackers to mislead users into opening a substituted file, multiple holes in BIND, arbitrary code execution from opening a maliciously crafted PDF document, and more. Mac owners running these systems are encouraged to either update automatically via the "Software Update" menu item under the Apple Menu or by heading to Apple's website to download the security fix manually.

http://www.macnn.com/articles/07/05/24/app....os.x.security/

Xairbusdriver · « **Reply #9 on:** August 02, 2008, 07:07:06 PM »

Well, it's a "rerun" in the sense that it fixes some of the same vulnerabilities (including BIND), but this was SU 2008-5 as compared to the one last year ( SU 2007-5 ). I doubt that this will be the last SU to address the same problems. Hopefully each new one will be a better fix. I also doubt that there will ever be a final fix for most of these problems. At least for our client machines, they are not being used "in the wild."

gunug · « **Reply #10 on:** August 02, 2008, 07:58:37 PM »

Apparently these guys think Apple Clients are still vulnerable:

http://db.tidbits.com/article/9721

Xairbusdriver · « **Reply #11 on:** August 02, 2008, 09:37:25 PM »

They probably are if they are using their Macs as Domain Name Servers. Are you doing that? I seriously doubt it.

Do you know anyone who is? Maybe at your school?

Of course, the SU did much more than that, anyway and most of that does affect our machines.

krissel · « **Reply #12 on:** August 02, 2008, 11:10:26 PM »

Sorry gunug, I swear I looked for a thread on the subject but I guess I was too tired after being up all night.

Yeah, that's my excuse.

gunug · « **Reply #13 on:** August 03, 2008, 12:51:14 AM »

No big deal Krissel; I've done it several times now! xABD, as to using a computer to do DNS we don't do that on MAC's; we did this in a Linux course that I went to but that was so we could learn the process.

sandbox · « **Reply #14 on:** August 03, 2008, 03:28:30 AM »

QUOTE(gunug @ Aug 2 2008, 08:58 PM) <{POST_SNAPBACK}>

Apparently these guys think Apple Clients are still vulnerable:

http://db.tidbits.com/article/9721

I just ran the terminal test on Panther and it's OK.

News:

Author Topic: Yesterday's OS X Security Update patches DNS Flaw! (Read 4092 times)