IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Apple fixes DNS security flaw

Apple protects itself from a highly publicised DNS vulnerability which has the potential to severely hit browsers and operating systems.

Apple has finally released a fix for a well-publicised DNS bug that will protect both its Tiger and Leopard operating systems against allowing phishing attacks.

The DNS bug was first spotted by security researcher Dan Kaminsky over six months ago, but no news was published until July in order to allow companies to develop a fix. In an unprecedented development effort, engineers from Microsoft, Sun and Cisco jointly worked on a patch.

"This hasn't been done before and it is a massive undertaking," explained Kaminsky last month. However, Apple failed to patch the problem until now.

The flaw could allow attackers to redirect browsers to third party sites containing malicious code, even if they correctly entered the URL for a legitimate website.

News of the security vulnerability eventually emerged on July 8 from Kaminsky himself at a security conference, with a practical exploit becoming available online on July 23. This left Apple users vulnerable while a patch was developed.

However, despite fixes being available for other operating systems, many users are yet to protect themselves from potential phishing attacks by installing them.

Kaminsky warned last week that just over half of machines remain unprotected, which is "not good enough".

An Apple spokesperson this morning explained that the company was unlikely to comment on strategic planning matters, such as the release of security updates.

Tom Cross, senior X-Force researcher for IBM security systems, also today released advice in a blog posting about how organisations could deal with any possible vulnerabilities.

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Recommended

Cisco to exit Russia, Belarus in business wind-down
Business operations

Cisco to exit Russia, Belarus in business wind-down

24 Jun 2022
Best business smartphones 2022: The top handsets from Apple, Samsung, Google and more
Mobile

Best business smartphones 2022: The top handsets from Apple, Samsung, Google and more

23 Jun 2022
WAN Insights is Cisco’s first foray into predictive network intelligence
Network & Internet

WAN Insights is Cisco’s first foray into predictive network intelligence

16 Jun 2022
Cisco unveils new ‘intelligent’ approach to networking with brace of product launches
Network & Internet

Cisco unveils new ‘intelligent’ approach to networking with brace of product launches

16 Jun 2022

Most Popular

Salaries for the least popular programming languages surge as much as 44%
Development

Salaries for the least popular programming languages surge as much as 44%

23 Jun 2022
The UK's best cities for tech workers in 2022
Business strategy

The UK's best cities for tech workers in 2022

24 Jun 2022
LockBit 2.0 ransomware disguised as PDFs distributed in email attacks
Security

LockBit 2.0 ransomware disguised as PDFs distributed in email attacks

27 Jun 2022