Apple Reacts to Spoof Threats, Issues DNS Hotfix

Apple Inc. took action Friday to address the infamous Domain Name System (DNS) problem. And none too soon.

Last week saw a DNS server exploit divert AT&T Internet service users in Austin, Texas. The DNS trouble, which caused users to be sent to a bogus Web page, occurred more than a week after Microsoft issued its own warning about the dangers of a weak DNS framework.

In response to the threat, Apple released Security Update 2008-005, saying that its latest hotfix protects open scripting architecture libraries from certain vulnerabilities. If left unfixed, a hacker or internal enterprise user might leverage the exploit to "execute commands with elevated privileges."

On the whole, the patch addresses the DNS issue by implementing what the company calls "source port randomization to improve resilience against [DNS] cache poisoning attacks."

The patch is for Mac OS X Server 10.4 and 10.5, as well as for Mac OS X 10.4.11 and 10.5.4 operating systems.

For Mac OS X v10.4.11 systems, the Berkeley Internet Name Domain (BIND) is updated to version 9.3.5-P1. For Mac OS X v10.5.4 systems, BIND is updated to version 9.4.2-P1. The hotfix also closes the script-based local privilege escalation vulnerabilities in the MAC for Windows programs.

Apple responded to one of this year's most controversial security issues in issuing the hotfix, but there is already some push back. Security researcher Swa Frantzen, who works at the SANS Internet Storm Center, asserted that the hotfix is incomplete. Apple's fix hasn't quite done the trick.

"Apple might have fixed some of the more important parts for servers, but is far from done yet as all the clients linked against a DNS client library still need to get the workaround for the [Internet] Protocol weakness," Frantzen wrote in a blog post on Friday.

The issue appears to be that, despite Apple's patch, BIND under OS X is incrementing the ports it uses to communicate DNS information in a predictable instead of random pattern.

Andrew Storms of San Francisco-based IT consultancy nCircle, says that Apple, like Microsoft, may have rushed the patch and let the buzz around the vulnerability dictate its actions instead of vice versa.

"We know with Microsoft that there were a few problems even installing their DNS patch," he said. "Now, with Apple, we're seeing that the current countermeasure to this DNS cache poisoning vulnerability is to introduce increased entropy by forcing randomization of the query ID and the source port."

Storms said it's evident that many are spooked by an increasing pervasive vulnerability that few people know much about as of yet.

"The issue is that [DNS spoofing] is a silent killer," he said. "You usually won't know until it's over and it's more complex because it involves coding behind the spoofing and once you're redirected to what looks like a legit site, most of the hacker's work is done already."

About the Author

Jabulani Leffall is a business consultant and an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others. He consulted for Deloitte & Touche LLP and was a business and world affairs commentator on ABC and CNN.

Featured

  • Microsoft

    Microsoft Introduces Its First Quantum Computing Chip

    Microsoft has unveiled Majorana 1, its first quantum computing chip, aimed at deployment in datacenters.

  • illustration of a futuristic building labeled "AI & Innovation," featuring circuit board patterns and an AI brain motif, surrounded by geometric trees and a simplified sky

    Cal Poly Pomona Launches AI and Innovation Center

    In an effort to advance AI innovation, foster community engagement, and prepare students for careers in STEM fields and business, California State Polytechnic University, Pomona has teamed up with AI, cloud, and advisory services provider Avanade to launch a new Avanade AI & Innovation Center.

  • computer screen displaying a landline phone being unplugged from a single cord, with a modern office desk, keyboard, and subtle lighting in the background

    Microsoft to Discontinue Skype Services

    Microsoft has announced that it is shutting down service for its Skype telecommunications and video calling services on May 5, 2025.

  • illustration of a football stadium with helmet on the left and laptop with ed tech icons on the right

    The 2025 NFL Draft and Ed Tech Selection: A Strategic Parallel

    In the fast-evolving landscape of collegiate football, the NFL, and higher education, one might not immediately draw connections between the 2025 NFL Draft and the selection of proper educational technology for a college campus. However, upon closer examination, both processes share striking similarities: a rigorous assessment of needs, long-term strategic impact, talent or tool evaluation, financial considerations, and adaptability to a dynamic future.