[ISN] Apple Fails to Patch Critical Exploited DNS Flaw

From: InfoSec News <alerts_at_private>
Date: Tue, 29 Jul 2008 01:09:05 -0500 (CDT)

By Rich Mogull and Glenn Fleishman
TidBITS Safe Computing
24 July 2008

On 08-Jul-08, a massive security patch was released by dozens of vendors 
for a major vulnerability in DNS (Domain Name Service), discovered by 
security researcher Dan Kaminsky. DNS is one of the fundamental 
underpinnings of the Internet, translating domain names (like 
tidbits.com) into IP addresses (like Because DNS is so 
core to the functioning of the Internet, this vulnerability is perhaps 
the most significant security problem to face the Internet in the last 

All users who connect to Mac OS X-based servers for DNS lookups are at 
risk: Apple has not yet provided a patch, unlike dozens of other 
companies that make or distribute operating systems or DNS server 

Apple was clearly distracted by the largest set of launches in its 
history: the iPhone 3G, the iPhone 2.0 software, the .Mac-to-MobileMe 
transition, and the App Store. Nonetheless, their customers are now in 
danger and Apple needs to respond immediately.


Attend Black Hat USA, August 2-7 in Las Vegas, 
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings 
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.  
Visit product displays by 30 top sponsors in 
a relaxed setting. http://www.blackhat.com
Received on Mon Jul 28 2008 - 23:09:05 PDT

This archive was generated by hypermail 2.2.0 : Mon Jul 28 2008 - 23:25:03 PDT