DNS patched? Not so fast, say researchers


When Apple released the Security Update 2008-005 yesterday, a collective sigh of relief echoed around the world--the long-standing DNS vulnerability, along with 16 other issues, had been patched.

Today, relief has turned to consternation as ComputerWorld reports Apple's DNS patch didn't actually patch anything on the client side, leaving issue exactly as it had been yesterday.

Macbook, Macbook Pro, iMac and iPod Sale!


"The difficult news this morning is that we thought we were getting a patch, but we haven't gotten anything," said Andrew Storms, director, security operations, nCircle Network Security. "Essentially, we're at the same place as we were yesterday before Apple released the patch."

Testing performed by Storms, as well Swa Frantzen at SANS Institute's Internet Storm Center, confirmed that the client version of Mac OS X was still incrementing ports, not randomizing them, as should have been the case if the issue had actually been fixed.

Editor's note: Some heads are gonna roll...

Download, Play, Burn MP3s! No DRM. No Restrictions. No Worries.