Apple issues an update to fix a bug affecting Mac OS X, including server editions. The patch comes shortly after Apple pushed out 18 fixes to users.
a series of security holes in Mac OS X
on Aug. 6, Apple has issued another
This time the patch is for the BIND service, and is aimed at systems running
Mac OS X 10.5.8 and v10.4.11, including server editions. According to Apple,
logic issue in the handling of dynamic DNS (Domain Name System) update messages
can cause an assertion to be triggered. Armed with a malicious updated message
for the BIND DNS server, an attacker could interrupt the BIND service and cause
the DNS server to terminate.
"The issue affects servers which are masters for one or more zones,
regardless of whether they accept updates," the Apple advisory stated.
is included with Mac OS X and Mac OS X Server, but it is not enabled by
default. This update addresses the issue by properly rejecting messages with a
record of type 'ANY' where an assertion would previously have been raised."
An exploit targeting the flaw has been reported
in the wild.
The update can be downloaded from Apple here.