Apple fixes DNS security flaw

Apple protects itself from a highly publicised DNS vulnerability which has the potential to severely hit browsers and operating systems.

Apple has finally released a fix for a well-publicised DNS bug that will protect both its Tiger and Leopard operating systems against allowing phishing attacks.

The DNS bug was first spotted by security researcher Dan Kaminsky over six months ago, but no news was published until July in order to allow companies to develop a fix. In an unprecedented development effort, engineers from Microsoft, Sun and Cisco jointly worked on a patch.

"This hasn't been done before and it is a massive undertaking," explained Kaminsky last month. However, Apple failed to patch the problem until now.

The flaw could allow attackers to redirect browsers to third party sites containing malicious code, even if they correctly entered the URL for a legitimate website.

News of the security vulnerability eventually emerged on July 8 from Kaminsky himself at a security conference, with a practical exploit becoming available online on July 23. This left Apple users vulnerable while a patch was developed.

However, despite fixes being available for other operating systems, many users are yet to protect themselves from potential phishing attacks by installing them.

Kaminsky warned last week that just over half of machines remain unprotected, which is "not good enough".

An Apple spokesperson this morning explained that the company was unlikely to comment on strategic planning matters, such as the release of security updates.

Tom Cross, senior X-Force researcher for IBM security systems, also today released advice in a blog posting about how organisations could deal with any possible vulnerabilities.

Featured Resources

Shining light on new 'cool' cloud technologies and their drawbacks

IONOS Cloud Up! Summit, Cloud Technology Session with Russell Barley

Watch now

Build mobile and web apps faster

Three proven tips to accelerate modern app development

Free download

Reduce the carbon footprint of IT operations up to 88%

A carbon reduction opportunity

Free Download

Comparing serverless and server-based technologies

Determining the total cost of ownership

Free download

Recommended

The true story behind the IBM Personal Computer
Hardware

The true story behind the IBM Personal Computer

3 Dec 2021
MacBook Pro owners report MagSafe charging issues
Laptops

MacBook Pro owners report MagSafe charging issues

30 Nov 2021
Apple's mixed reality headset could debut in 2022
augmented reality (AR)

Apple's mixed reality headset could debut in 2022

29 Nov 2021
IBM unveils world-first machine learning training method for GDPR-compliance
machine learning

IBM unveils world-first machine learning training method for GDPR-compliance

25 Nov 2021

Most Popular

What should you really be asking about your remote access software?
Sponsored

What should you really be asking about your remote access software?

17 Nov 2021
What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

30 Nov 2021
How to move Microsoft's Windows 11 from a hard drive to an SSD
Microsoft Windows

How to move Microsoft's Windows 11 from a hard drive to an SSD

24 Nov 2021