Information Security News: Apple Fails to Patch Critical Exploited DNS Flaw

[InfoSec News <alerts () infosecnews org>]

http://db.tidbits.com/article/9706

By Rich Mogull and Glenn Fleishman
TidBITS Safe Computing
24 July 2008

On 08-Jul-08, a massive security patch was released by dozens of vendors 
for a major vulnerability in DNS (Domain Name Service), discovered by 
security researcher Dan Kaminsky. DNS is one of the fundamental 
underpinnings of the Internet, translating domain names (like 
tidbits.com) into IP addresses (like 216.168.61.78). Because DNS is so 
core to the functioning of the Internet, this vulnerability is perhaps 
the most significant security problem to face the Internet in the last 
decade.

All users who connect to Mac OS X-based servers for DNS lookups are at 
risk: Apple has not yet provided a patch, unlike dozens of other 
companies that make or distribute operating systems or DNS server 
software.

Apple was clearly distracted by the largest set of launches in its 
history: the iPhone 3G, the iPhone 2.0 software, the .Mac-to-MobileMe 
transition, and the App Store. Nonetheless, their customers are now in 
danger and Apple needs to respond immediately.

[...]


_______________________________________________      
Attend Black Hat USA, August 2-7 in Las Vegas, 
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings 
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.  
Visit product displays by 30 top sponsors in 
a relaxed setting. http://www.blackhat.com