Apple Reacts to Spoof Threats, Issues DNS Hotfix

Apple Inc. took action on Friday to address the infamous Domain Name System (DNS) problem. And none too soon.

This week saw a DNS server exploit divert AT&T Internet service users in Austin, Texas. The DNS trouble, which caused users to be sent to a bogus Web page, occurred more than a week after Microsoft issued its own warning about the dangers of a weak DNS framework.

In response to the threat, Apple released Security Update 2008-005, saying that its latest hotfix protects open scripting architecture libraries from certain vulnerabilities. If left unfixed, a hacker or internal enterprise user might leverage the exploit to "execute commands with elevated privileges."

On the whole, the patch addresses the DNS issue by implementing what the company calls "source port randomization to improve resilience against [DNS] cache poisoning attacks."

The patch is for Mac OS X Server 10.4 and 10.5, as well as for Mac OS X 10.4.11 and 10.5.4 operating systems.

For Mac OS X v10.4.11 systems, the Berkeley Internet Name Domain (BIND) is updated to version 9.3.5-P1. For Mac OS X v10.5.4 systems, BIND is updated to version 9.4.2-P1. The hotfix also closes the script-based local privilege escalation vulnerabilities in the MAC for Windows programs.

Apple responded to one of this year's most controversial security issues in issuing the hotfix, but there is already some push back. Security researcher Swa Frantzen, who works at the SANS Internet Storm Center, asserted that the hotfix is incomplete. Apple's fix hasn't quite done the trick.

"Apple might have fixed some of the more important parts for servers, but is far from done yet as all the clients linked against a DNS client library still need to get the workaround for the [Internet] Protocol weakness," Frantzen wrote in a blog post on Friday.

The issue appears to be that, despite Apple's patch, BIND under OS X is incrementing the ports it uses to communicate DNS information in a predictable instead of random pattern.

Andrew Storms of San Francisco-based IT consultancy nCircle, says that Apple, like Microsoft, may have rushed the patch and let the buzz around the vulnerability dictate its actions instead of vice versa.

"We know with Microsoft that there were a few problems even installing their DNS patch," he said. "Now, with Apple, we're seeing that the current countermeasure to this DNS cache poisoning vulnerability is to introduce increased entropy by forcing randomization of the query ID and the source port."

Storms said it's evident that many are spooked by an increasing pervasive vulnerability that few people know much about as of yet.

"The issue is that [DNS spoofing] is a silent killer," he said. "You usually won't know until it's over and it's more complex because it involves coding behind the spoofing and once you're redirected to what looks like a legit site, most of the hacker's work is done already."

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.


  • Sync Issues Can Arise for PCs with Poor VPN Connections

    Microsoft this week reminded IT pros that PC connections through virtual private networks can sometimes lead to time synchronization issues, possibly causing reduced functionality for end users.

  • HoloLens 2 Borrows Its Killer Feature from Windows

    Turns out the secret to the HoloLens 2's success has nothing to do with holograms.

  • Microsoft Simplifying VPN Configurations for Its Video Streaming Services

    Microsoft this week announced that it is working on a more simplified way for an organization to leverage local end user Internet connections when accessing Microsoft Stream and Microsoft 365 Live Events video feeds.

  • Microsoft Previews MSIX App Attach for Windows Virtual Desktop

    Microsoft this week indicated in an announcement that the MSIX App Attach capability in the Windows Virtual Desktop service can now be tried via a preview of the Windows 10 Enterprise Multisession operating system.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.