Skip to content

Security Update Out

More information here.

To clarify: I was ranting about the lack of transparency regarding a very big issue that everyone else appeared to have been pretty public about. I don’t know how they went about writing the update, but if they were waiting for the entire update, instead of issuing a single Bind patch to be in sync with everyone else, then that would explain the delay.

For something on the scale of the bind exploit, I would have hoped they issued a separate update for it.

2008 07 31 Enterprise
Security Comments (0) Permalink

Apple Dragging their feet with DNS hijack fix

 

[updated- see bottom of post]

Apple has still yet to acknowledge a timeline for when they will be providing a patch for BIND for OS X Server. This is currently leaving admins having to patch bind themselves (only to have it clobbered in the next apple update) or not even know that there is a problem or how to fix it. The only response I have seen so far has been from another admin who posted to the macos-x-admin mailinglist the a summary of the response he received from Apple in regards to the timeliness of their security patches (in regards to this dns issue). My summary of his is below:

They are currently working out the issues (with some installations of 10.4/5) and will have an update soon™.

It would be worse to break this functionality than to rush out a ‘fix’, especially since we have received no report of any actual exploit against our installed base.

Continue reading ›

Tagged , , ,
2008 07 28 Enterprise
Security Comments (0) Permalink