Apple releases DNS security update for Mac OS X
Katie MarsalEntitled Security Update 2009-004, the software patch is available for download via Software Update. The update is recommended for Mac OS X 10.5.8, Mac OS X Server 10.5.8, Mac OS X 10.4.11, and Mac OS X Server 10.5.8. Updates are also available directly from Apple for Server Tiger Power PC (130.97MB), Server Tiger Universal (204MB), Leopard (166MB), Tiger Intel (166MB), and Tiger Power PC (130MB).
Apple states that hackers can send a message update to the BIND DNS server, allowing a remote attacker to interrupt BIND service. A "logic issue" in the operating system's handling of DNS update messages can "cause an assertion to be triggered."
"The issue affects servers which are masters for one or more zones, regardless of whether they accept updates," Apple states. "BIND is included with Mac OS X and Mac OS X Server but it is not enabled by default. This update addresses the issue by properly rejecting messages with a record of type 'ANY' where an assertion would previously have been raised."
Also Wednesday, Apple released updates for AirPort and Boot Camp. The AirPort Client update addresses an issue with the device's performance while running on battery power on some Intel-based machines, while Multi-Touch Trackpad update version 1.1 for Windows XP and Vista improves reliability while using Microsoft's operating systems on a Mac via Boot Camp.
Last week Apple released an upgrade to its Max OS X 10.5 Leopard operating system. Version 10.5.8 included security fixes, improved Bluetooth reliability, and upgraded Safari to version 4.0.2. Safari 4.0.3 was released Wednesday with a handful of minor fixes.
Wesley Hilliard
Amber Neely
William Gallagher
Malcolm Owen
