Apple fixes DNS security flaw
By Matthew Sparkes,
Apple has finally released a fix for a well-publicised DNS bug that will protect both its Tiger and Leopard operating systems against allowing phishing attacks.
The DNS bug was first spotted by security researcher Dan Kaminsky over six months ago, but no news was published until July in order to allow companies to develop a fix. In an unprecedented development effort, engineers from Microsoft, Sun and Cisco jointly worked on a patch.
"This hasn't been done before and it is a massive undertaking," explained Kaminsky last month. However, Apple failed to patch the problem until now.
The flaw could allow attackers to redirect browsers to third party sites containing malicious code, even if they correctly entered the URL for a legitimate website.
News of the security vulnerability eventually emerged on July 8 from Kaminsky himself at a security conference, with a practical exploit becoming available online on July 23. This left Apple users vulnerable while a patch was developed.
However, despite fixes being available for other operating systems, many users are yet to protect themselves from potential phishing attacks by installing them.
Kaminsky warned last week that just over half of machines remain unprotected, which is "not good enough".
An Apple spokesperson this morning explained that the company was unlikely to comment on strategic planning matters, such as the release of security updates.
Tom Cross, senior X-Force researcher for IBM security systems, also today released advice in a blog posting about how organisations could deal with any possible vulnerabilities.
advertisement
Latest Security Features
IT around the world: Russia
In the first of an on-going series examining IT markets around the globe, we look at whether investing in Russia is worth the risk – and how to go about it the right way.
- Chinese web control an Olympic challenge for tech firms
- SOS Bletchley Park
- Where will IT be in 2015?
- Q&A: John Stewart, Cisco's chief security officer
- NHS IT - something to celebrate?
- Q&A: Tom Ilube, head of Garlik
- Ten of the most infamous ‘black hat’ hackers
- USB Flash Disks: A modern day business curse?
- Creating a mobile data management policy
Latest Security Reviews
AVG Internet Security SBS Edition 8.0
Rating: 
- Finjan Vital Security Web Appliance NG-6000S
- LogLogic MX2010
- Exclusive: WatchGuard Firebox Core X750e
- Sophos ES4000 Security Appliance
- Microsoft Forefront Security for Exchange and SharePoint
- EXCLUSIVE: Juniper Networks SSG 550 UTM appliance
- EXCLUSIVE: Arbor Networks Peakflow X 3.7
- EXCLUSIVE: Check Point UTM-1 1050
- EXCLUSIVE: Finjan Vital Security NG-5100
advertisement
Latest News Videos in Security
Video: Q&A with Richard Archdeacon, Symantec
PlayIT PRO speaks to Richard Archdeacon, director, global services, at the information security software vendor Symantec.
White papers
Want more background on today's hottest IT trends?
Visit IT PRO's white paper library for more on virtualisation, encryption and other topics.
Register for IT PRO
You'll get exclusive member benefits including free white papers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
Social Bookmark this article: What is this?