On The Insider: Gerard Butler Joins Aniston in Mexico
BNET Business Network:
BNET
TechRepublic
ZDNet

August 12th, 2009

Apple drops (another) Mac OS X security patch

Posted by Ryan Naraine @ 2:18 pm

Categories: Uncategorized

Tags: Apple Macintosh, BIND, Apple Inc., Apple Mac OS X, Domain Names, Apple Mac OS, Operating Systems, Security, Software, Internet

Less than a week after fixing 19 Mac OS X security vulnerabilities, Apple is on the patch treadmill again.

The company released Security Update 2009-004 to fix a solitary BIND vulnerability that could lead to denial of service attacks.  Apple warns:

A logic issue in the handling of dynamic DNS update messages may cause an assertion to be triggered. By sending a maliciously crafted update message to the BIND DNS server, a remote attacker may be able to interrupt the BIND service. The issue affects servers which are masters for one or more zones, regardless of whether they accept updates. BIND is included with Mac OS X and Mac OS X Server but it is not enabled by default.

[ SEE: Apple warns of Mac attack risk via image files ]

The patch addresses the issue by properly rejecting messages with a record of type ‘ANY’ where an assertion would previously have been raised.

Just yesterday, Apple shipped a new version of its Safari browser to fix six documented security problems.

Ryan NaraineRyan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.


Email Ryan Naraine

For daily updates on Ryan's activities, follow him on Twitter.

Subscribe to Zero Day via Email alerts or RSS.

Related Discussions on TechRepublic

Did you know you can take part in these discussions with your ZDNet membership?

  • Talkback
  • Most Recent of 90 Talkback(s)
@non-Zealot: Then show me more realistic numbers--from a verifiable source.
As yet, I have not seen a single source other than the one I linked that
shows worldwide numbers and also breaks them down into regions. I
have also seen no verifiable source that even begins ... (Read the rest)
Posted by: vulpine@... Posted on: 09/15/09 You are currently: a Guest | | Terms of Use
The patch to fix the patch that fixed the patch that Jack built  NonZealot | 08/12/09
No, Apple does not release a lot of patches  Qbt | 08/12/09
Apple are the worst, consistently. OSX in 2009: In excess of 109 vulns!  honeymonster | 08/12/09
And, once again...  vikingnyc@... | 08/13/09
And once again...  Qbt | 08/13/09
You keep quoting the same numbers... This isn't the year 2000 any more.  vulpine@... | 08/13/09
And you need to realize the US is not the world.  rtk | 08/13/09
There is a world outside the USA, you know  Qbt | 08/13/09
I see you changed your tune, rtk...  vulpine@... | 08/14/09
same song  rtk | 08/14/09
Your Numbers  Flying Pig | 08/18/09
I'd like to note that...  vulpine@... | 08/13/09
Nope, vulnerability count: OSX: Excess of 109, Vista: 27, XP: 35  honeymonster | 08/13/09
I think you need to look a little deeper.  vulpine@... | 08/14/09
I just went over the list...  honeymonster | 08/15/09
so....  doh123 | 08/18/09
Uh, no.  914four | 08/27/09
Better question:  vulpine@... | 08/13/09
Only 4? Apple had 23 "patch events" in 2009  Qbt | 08/13/09
Don't feed this troll  tonymcs@... | 08/16/09
He is not a troll  honeymonster | 08/17/09
What kind of sole?  Lester Young | 08/17/09
Not sole, anchor  oldbaritone | 08/18/09
What's a Mac Boat?  zdnet-gregc | 08/18/09
The Bind Bind  DannyO_0x98 | 08/12/09
The Emperor's new clothers didn't work  tonymcs@... | 08/12/09
It's not locked down if it has never been put to the test  Qbt | 08/12/09
I took "locked down" to mean a closed system controlled by Apple.  ye | 08/13/09
Yea I know, it I was kinda making a more general statement  Qbt | 08/13/09
As long as you believe the Mac's installed base is so low...  vulpine@... | 08/13/09
You can believe any made-up statistic you want...  Qbt | 08/13/09
"... you have to be a pretty dumb hacker..."  vulpine@... | 08/13/09
Yes, because of Apple being a bit player  Qbt | 08/13/09
There's one more factor which will turn attackers to go after OSX  honeymonster | 08/13/09
DEP/NX on OS/X  zdnet-gregc | 08/17/09
Or is it the Mac that covers 12%?  bbonis@... | 08/13/09
i actually do believe its just the beginning of more fixes  nessrapp | 08/13/09
Bigger target.  phatkat | 08/14/09
RE: Apple drops (another) Mac OS X security patch  photomstr@... | 08/13/09
Why do you care?  odcchaz | 08/13/09
Agreed.  vulpine@... | 08/13/09
See the problem is...  Qbt | 08/13/09
How can you say those claims are all false...  vulpine@... | 08/13/09
LOL, talk about making up "facts"  Qbt | 08/13/09
You are out of the loop, aren't you?  vulpine@... | 08/13/09
So you just admitted that marketshare is the key  Qbt | 08/13/09
You're arguing...  zkiwi | 08/13/09
To zwiki: Nope, not what I said at all...  Qbt | 08/13/09
Now you're getting ridiculous  zkiwi | 08/13/09
@zkiwi: It is you who are being ridiculous.  ye | 08/14/09
I guess you missed the bit...  zkiwi | 08/14/09
Following that question about Conficker...  vulpine@... | 08/14/09
@zkiwi: Nope. I didn't miss your FUD.  ye | 08/14/09
@vulpine: That's easy. There's 65 million dumb people.  ye | 08/14/09
Where did the 65 million come from?  Sleeper Service | 08/14/09
For those of you who want to know where my numbers come from...  vulpine@... | 08/20/09
Sorry but those numbers are biased  NonZealot | 08/20/09
@non-Zealot: Then show me more realistic numbers--from a verifiable source.  vulpine@... | 09/15/09
Well...  zkiwi | 08/13/09
That's nice...  Sleeper Service | 08/14/09
You don't understand security  adamchou | 09/09/09
How can you say those claims are all false...  zdnet-gregc | 08/17/09
oh?  stroutner@... | 08/17/09
Very true  Gis Bun | 08/13/09
You may be right, but...  vulpine@... | 08/14/09
Would you believe me if I said the same for Windows?  NonZealot | 08/14/09
It means that neither of you are idiots  goff256 | 08/17/09
Huh?  The_Mastermind | 08/18/09
Why do you care?  zdnet-gregc | 08/17/09
I'd assume quite many  alkanshel | 08/18/09
I'd assume quite many  zdnet-gregc | 08/18/09
I'd expect more from you, Z  PlayFair | 08/13/09
RE: Apple drops (another) Mac OS X security patch  conchchowder | 08/17/09
RE: Apple drops (another) Mac OS X security patch  iamnoskcaj | 08/17/09
RE: Apple drops (another) Mac OS X security patch  Timpraetor | 08/17/09
Lessons over the months...  goff256 | 08/17/09
90's Hip Hop slang as your title? Really?  tlarvenz | 08/17/09
The author made it sound like Apple decided not to fix the problem  SortedPunchCards | 08/17/09
RE: Apple drops (another) Mac OS X security patch  cyberpundit | 08/17/09
Blah blah blah...  Fred Fredrickson | 08/17/09
A gun is a gun is a gun.  nanchatte | 08/18/09
Love your post Nanchatte  gkrwc | 08/18/09
Long winded, but Spot On! Tired of My Nissan is better'n ur Ford crap.  invmgr@... | 08/18/09
This matters WHY?  SpectreWriter | 08/18/09
RE: Apple drops (another) Mac OS X security patch  geek-in-a-cubicle | 08/18/09
Text deleted - reposted as a response to a message  Flying Pig | 08/18/09
RE: Apple drops (another) Mac OS X security patch  Teedoff | 08/18/09
Wrong  goff256 | 08/24/09
Wrong  adamchou | 09/09/09
RE: Apple drops (another) Mac OS X security patch  bb_apptix | 08/24/09

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

advertisement

Recent Entries

advertisement

Archives

Favorite Links

ZDNet Blogs

White Papers, Webcasts, and Downloads

SmartPlanet

Click Here