Apple Fixes DNS Flaw In Massive Update

Altogether, Apple issued 18 security updates affecting both Tigard and Leopard operating systems, versions 10.4 and 10.5 respectively, which fixed holes in ATS, BIND, ClamAV, Directory Services, Finder, ImageIO, Kernel, libresolv, Login Window, mDNSResponder, OpenSSH, QuickDraw Manager, Ruby, SearchKit and System Configuration, System Preferences, Time Machine, Video Conference and Wiki Server.

Among some of the most significant updates were fixes for mDNSResponder and libresolv, repairing several high profile errors that enable a remote hacker to execute a DNS cache poisoning attack on a computer when a user is surfing the Web.

The error stems from a fundamental multi-platform error in the DNS protocol that opens up the door for a remote attacker to send phony or forged information to applications that rely on mDNSResponder, a function which essentially "translates" conversations between host names and IP addresses when a user makes an online request to visit a Website.

Two separate updates address the DNS flaws in both libresolv and mDNSResponder by randomizing the source port and transaction ID in order to improve resiliency and reduce the chances of a cache poisoning attack.

While cache poisoning errors have existed for years, researcher Dan Kaminsky of IOActive initially detected this particular variation of the error, releasing details during the BlackHat USA conference in August.

Also included in the patch bundle were fixes for ClamAV, Apple's opensource antivirus software embedded under the hood in its OS X server.

Apple additionally released numerous fixes for critical memory corruption errors in the handling of TIFF images. If left unpatched, an attacker could execute arbitrary code or unleash a denial of service attack on a vulnerable system after enticing a user to view maliciously crafted TIFF or JPEG images.

Another imaging error found in the QuickDraw Manager resulted from an integer overflow flaw that could potentially allow a remote attacker to execute a denial of service attack or completely take control of an affected system if a user opened a specially crafted PICT image containing malicious code.

Not all of the errors fixed by the update allowed remote code exploitation, an impact that other IT companies often deem as critical. Update 10.5.5 also addressed several flaws in Finder that enabled an attacker with access to the local network to cause the Finder to exit immediately after it starts, ultimately rendering the system unusable.

A Finder patch repaired a glitch in the Get Info window which prevented users from viewing changes to the filesystem Sharing and Permissions function after cliking the lock button.

The patches are available through the Software Update or Apple Download sections on the Apple Website. The site advises Mac users to patch their systems as soon as possible.