back to article Tardy Apple finally releases DNS patch

Apple has finally gotten around to defending against a high-profile Domain Name System flaw, days after security researchers called it out for dragging its heels on releasing a patch. The Mac OS X security update issued by Apple on Thursday defends against the infamous DNS poisoning issue, discovered by security researcher Dan …

COMMENTS

This topic is closed for new posts.
  1. Webster Phreaky
    Jobs Horns

    Bwah ha ha ha ..... "Tardy Apple" ..... bwah ha ha ha

    THE Reg courts with raising the ire of all the MacTards by stating the truth ... Apple the Security Risk, Apple the Flawed OS, Apple the Slacker.

    Lets see that in one of those BS clever Mac vs PC commercials.

    It's a bird, it's a plane, it's superman ..... naw, it's Stevie Gods jetting around carelessly in his FREE $80 Million Dollar Carbon Spewing Gulfstream Private Jet with Mr. Global Warming bullshit Al Gore. What a pair.

  2. Simon
    Thumb Down

    *FacePalm*

    Oh gawd, its Webster.

    I was hoping he had fallen down a hole or had been beaten up by some small children.

  3. M Sharp

    DNS patched? Not so fast, say researchers

    Server issues have been addressed, but the client-side vulnerability is still open...

    http://www.insanely-great.com/news.php?id=9445

    There's also the question of whether or not bind is active / vulnerable under OS client...

  4. Pierre

    Re FacePalm

    "Oh gawd, its Webster."

    Yep it is. As it happens, Mr Phreaky reappeared at the same time as Mr Orlowski. Pure coincidence?

  5. Hig Hurtenflurst
    Heart

    WebTastic!

    I for one was delighted to see the "Bwah ha ha" that shows Webster is alive and well - and let's face it, the tardy/MacTard opportunity was too good to miss.

    We can all relax again, safe in the knowledge that the quality of comments on El Reg will once again have no lower limit.

    Can we have some icons that range from -11 all the way up to 11 please?

    xx

  6. Jeffrey Nonken
    Dead Vulture

    There, there, it'll be OK, I promise

    He's a troll, small children would run screaming after one look.

    I'm not too worried about this. I mean, yeah, I ran the update as soon as I saw this article, but I'm more worried about my ISP's unpatched DNS servers than my MacBook. Or any of my Linux or Windows machines. Or my FreeBSD server. Um, or my DD-WRT-flashed router.

    OS X: 3. Windows: 1 gazillion. I've had Windows systems get infected just by sitting on a network with another infected machine. In the latest one mine was patched up-to-date (XP Pro) and had an antivirus running. In fact, I've heard stories about Quakecon, where almost everybody came home with malware on their machines. Um, multiple infections, too, not just one. Took my friend more than a week to clean up his system.

    You know why Webster sneers at Macs every time somebody finds a problem? Because he can. I can't do that for Windows because there aren't enough hours in a day. Some of us have to work for a living.

    Hah hah! Take that, Mr. Phreaky. Hah hah! No, I'm sorry, I'm just having a bad day, Webster's a handy target and I like kicking trolls. It's fun to listen to them whine.

    Dead vulture because it would be fun to kill something right now.

  7. Keith Langmead

    Multiple fixes in one update!

    Sorry but WTF! You have a vulnerability which is being actively being exploited, so you issue a patch which fixes not only that but four other issues as well!

    Why? As a windows admin that would give me serious concern! Taking the DNS patches on their own, I can assess the risk of being attacked against the risk of something breaking, but add in additional patches and you increase the chances of something breaking, which only encourages admins to do more testing, rather than getting a critical fix roled out asap.

    This should have been issued on it's own, with perhaps the other updates issued as a separate update... or do Mac's not have a decent Windows Updates / WSUS / SMS capability to help manage this properly?

  8. William Clark

    Webster

    Is'nt he/she a Reg staff troll? - I think a lot of sites have them to get hits/responses for their advertisers (source of income)

    Just adding my response.

  9. Anonymous Coward
    Boffin

    Apple had already patched this in the previous update some weeks back

    Well, I have checked named on my Mac BEFORE installing this update and to my surprise, it already had BIND 9.4.1-P1 installed, which must have been patched with the previous security update a few weeks ago.

    Guys, you can easily verify this for yourselves. Install OSX off DVDs on a spare partition or disk, apply all the updates from Apple BUT NOT this latest one, then open a terminal window and run the command "named -v" which will return the verson of BIND. You will find it will return "BIND 9.4.1-P1", even without having installed the latest security update. BIND 9.4.1-P1 is of course the patched version of BIND which Kaminsky's site says addresses the issue and which everybody else is also using. I am not making this up, check for yourselves!

    It seems that the online media are in a frenzy to report whatever news with "Apple" in the headline to get hits, they don't seem to care to verify the "news" first, they're after the advertising dollars only. The Register isn't what it used to be. Should have checked facts first.

This topic is closed for new posts.