Is this a Mac threat also?

Discussion in 'Mac Basics and Help' started by Luis Ortega, Jul 25, 2008.

  1. Luis Ortega macrumors 6502a

    Joined:
    May 10, 2007
    Location:
    Fetcham Surrey UK
    #1
    I ran across this article today and had not heard anything about it on Mac sites, so I was wondering if this is something we need to worry about and whether anyone with a Mac has heard anything or tried to apply the patch that is mentioned.

    The whole article is at:
    http://www.breitbart.com/article.php?id=080709124916.zxdxcmkx&show_article=1

     
  2. Raid macrumors 68020

    Raid

    Joined:
    Feb 18, 2003
    Location:
    Toronto
    #2
    From what I understand of the article this is a problem / vulnerability with the way addressing is handled by servers that direct the traffic of the internet. It's not really a Mac or PC issue, but rather an issue for those who make up the protocols used to direct traffic on the web (like CISCO).
     
  3. BlakTornado Guest

    BlakTornado

    Joined:
    Apr 24, 2007
    Location:
    Washington, OH
    #3
    It can effect any computer that's DNS doesn't have the patch.
     
  4. hagjohn macrumors 6502

    hagjohn

    Joined:
    Aug 27, 2006
    Location:
    Pennsylvania
    #4
    Not a real good source, but...

    Microsoft joins ‘patch DNS now’ chant; Apple patch missing

    According to Rich Mogull, Apple is also among the tardy vendors:

    Apple has yet to patch the vulnerability which affects both Mac OS X and Mac OS X Server. While individual computers that look up DNS are vulnerable, servers are far more at risk due to the nature and scope of the attack.

    Apple uses the popular Internet Systems Consortium BIND DNS server which was one of the first tools patched, but Apple has yet to include the fixed version in Mac OS X Server, despite being notified of vulnerability details early in the process and being informed of the coordinated patch release date.

    All users of Mac OS X Server who use it for recursive DNS must immediately switch to an alternative or risk being compromised and traffic being redirected. Installing the above-mentioned BIND should be relatively trivial for anyone who can compile software at the command line. The Mac community could take this up if someone created a compiled version of BIND 9.0.5-P1 and distributed it for simpler installation.

    With active exploit code available in a common attack tool, it is imperative that Apple fix this vulnerability. Due to their involvement in the process and the ability of other vendors to fix their products in a timely fashion, it’s hard to imagine any possible justification for Apple’s tardy behavior.
     
  5. Raid macrumors 68020

    Raid

    Joined:
    Feb 18, 2003
    Location:
    Toronto
    #5
    Yeah I just saw this on MacNN, so I was half right. For most regular users this is not much of an issue, but Apple is facing criticism for not getting off their butt!
    Maybe Apple is working on getting MobileMe stable first. Ok that was a cheap shot, sorry Apple ;)
     

Share This Page