IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Apple fixes DNS security flaw

Apple protects itself from a highly publicised DNS vulnerability which has the potential to severely hit browsers and operating systems.

Apple has finally released a fix for a well-publicised DNS bug that will protect both its Tiger and Leopard operating systems against allowing phishing attacks.

The DNS bug was first spotted by security researcher Dan Kaminsky over six months ago, but no news was published until July in order to allow companies to develop a fix. In an unprecedented development effort, engineers from Microsoft, Sun and Cisco jointly worked on a patch.

"This hasn't been done before and it is a massive undertaking," explained Kaminsky last month. However, Apple failed to patch the problem until now.

The flaw could allow attackers to redirect browsers to third party sites containing malicious code, even if they correctly entered the URL for a legitimate website.

News of the security vulnerability eventually emerged on July 8 from Kaminsky himself at a security conference, with a practical exploit becoming available online on July 23. This left Apple users vulnerable while a patch was developed.

However, despite fixes being available for other operating systems, many users are yet to protect themselves from potential phishing attacks by installing them.

Kaminsky warned last week that just over half of machines remain unprotected, which is "not good enough".

An Apple spokesperson this morning explained that the company was unlikely to comment on strategic planning matters, such as the release of security updates.

Tom Cross, senior X-Force researcher for IBM security systems, also today released advice in a blog posting about how organisations could deal with any possible vulnerabilities.

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Recommended

Apple executive rejoins Google over remote work policy
flexible working

Apple executive rejoins Google over remote work policy

18 May 2022
The Total Economic Impact™ of Apple Mac in Enterprise: M1 update
Whitepaper

The Total Economic Impact™ of Apple Mac in Enterprise: M1 update

12 May 2022
Three lessons the iPod can teach us about disruption
Technology

Three lessons the iPod can teach us about disruption

11 May 2022
Best smartphone 2022: The top handsets from Apple, Samsung, Google and more
Mobile

Best smartphone 2022: The top handsets from Apple, Samsung, Google and more

8 Apr 2022

Most Popular

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack
hacking

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack

16 May 2022
Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022
IT admin deletes company’s databases and is jailed for seven years
Policy & legislation

IT admin deletes company’s databases and is jailed for seven years

16 May 2022