To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://software.silicon.com/malware/0,3800003100,39266499,00.htm

Apple releases patch for critical flaw
Tiger and Leopard fit to roar

By Steven Musil

Published: Friday 01 August 2008

Apple released a security update yesterday to users of its Tiger and Leopard operating systems to address a critical Domain Name System flaw, along with a dozen other updates.

The DNS flaw, which was first reported by Dan Kaminsky of IOActive on 8 July, could allow attackers to redirect website visitors to any site they choose and present forged information. The DNS translates the common name of a website into its numerical IP address, and is therefore a fundamental component to the internet.

An exploit code that could allow someone to attack the DNS was available in various places on the internet on 23 July.

Apple's update also fixes a QuickLook bug where loading a malicious Microsoft Office file could lead to "arbitrary code execution".

Apple recommends Security update 2008-005 for all systems running Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.4, Mac OS X Server v10.5.4. The update is available at Apple.com or through the update mechanism in OS X.