Apple fixes DNS security flaw
By Matthew Sparkes
Posted on 1 Aug 2008 at 08:22
Apple has finally released a fix for a well-publicised DNS bug, protecting both its Tiger and Leopard operating systems against phishing attacks.
The DNS bug was first spotted by security researcher Dan Kaminsky over six months ago, but no news was published until July in order to allow companies to develop a fix. In an unprecedented development effort, engineers from Microsoft, Sun and Cisco jointly worked on a patch.
"This hasn't been done before and it is a massive undertaking," explained Kaminsky last month. However, Apple failed to patch the problem until now.
The flaw could allow attackers to redirect browsers to third-party sites containing malicious code, even if users correctly entered the URL for a legitimate website.
News of the security vulnerability eventually emerged on July 8 from Kaminsky himself at a security conference, with a practical exploit becoming available online on July 23. This left Apple users vulnerable while a patch was developed.
However, despite fixes being available for other operating systems, many users are yet to protect themselves from potential phishing attacks by installing them.
Kaminsky warned last week that just over half of machines remain unprotected, which is "not good enough".
An Apple spokesperson this morning explained that the company was unlikely to comment on strategic planning matters, such as the release of security updates.
