On Monday, Apple pushed out an impressive round of security fixes for its OS X operating system. The patches offer fixes for versions 10.5.5 and 10.4 of OS X. The biggest fix, however, is a proper patch for the DNS issue discovered earlier this year. Better late than never, Apple is the last of the major vendors to offer a solid fix for the critical issue.
BIND is patched, with the OS X update moving it up to version 9.4.2-P2. According to Apple, the BIND update corrects performance issues, but the other issue, which had not been completely addressed, centers on the DNS vulnerabilities discovered earlier this summer by Dan Kaminsky. The added DNS patching is the result of researchers discovering that the patch from July only fixes servers and not client software.
Related to the BIND patches is a patch for libresolv. Libresolv translates host names and IP addresses for applications that use its unicast DNS resolution API.
“A weakness in the DNS protocol may allow remote attackers to perform DNS cache poisoning attacks. As a result, applications that rely on libresolv for DNS may receive forged information,” said Apple, with a mention of credit to Dan Kaminsky for disclosing the issue.
Another interesting patch offered centers on the Kernel, with Apple outlining that: “Cached credentials are not always flushed when a vnode is recycled. This may allow a local user to read or write to a file where the permissions would not allow it. This update addresses the issue through improved handling of purged vnode.”
OpenSSH gets two fixes; the most critical deals with an issue that allows a local user to control another user’s X11 session.
In total, Apple has fixed more than 30 issues related to various CVE IDs. The complete list and more information can be found here.
Apple advises everyone to patch either by downloading the update or using the operating system's automatic update service.