Apple fixes DNS security flaw
Apple protects itself from a highly publicised DNS vulnerability which has the potential to severely hit browsers and operating systems.

Apple has finally released a fix for a well-publicised DNS bug that will protect both its Tiger and Leopard operating systems against allowing phishing attacks.
The DNS bug was first spotted by security researcher Dan Kaminsky over six months ago, but no news was published until July in order to allow companies to develop a fix. In an unprecedented development effort, engineers from Microsoft, Sun and Cisco jointly worked on a patch.
"This hasn't been done before and it is a massive undertaking," explained Kaminsky last month. However, Apple failed to patch the problem until now.
The flaw could allow attackers to redirect browsers to third party sites containing malicious code, even if they correctly entered the URL for a legitimate website.
News of the security vulnerability eventually emerged on July 8 from Kaminsky himself at a security conference, with a practical exploit becoming available online on July 23. This left Apple users vulnerable while a patch was developed.
However, despite fixes being available for other operating systems, many users are yet to protect themselves from potential phishing attacks by installing them.
Kaminsky warned last week that just over half of machines remain unprotected, which is "not good enough".
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
An Apple spokesperson this morning explained that the company was unlikely to comment on strategic planning matters, such as the release of security updates.
Tom Cross, senior X-Force researcher for IBM security systems, also today released advice in a blog posting about how organisations could deal with any possible vulnerabilities.
-
What is polymorphic malware?
Explainer Polymorphic malware constantly changes its code to avoid detection, making it a top cybersecurity threat that demands advanced, behavior-based defenses
-
Outgoing Kaseya CEO teases "this is just the beginning" for the company
Opinion We spoke to Fred Voccola who remains a key figurehead at the firm as it enters its next chapter...
-
Want a return on your AI investment? Open source could be the key to success
News Organizations using open source AI tools are more likely to report a return on investment
-
IBM just open sourced these generative AI coding models
News IBM has open sourced models trained on code written in 116 programming languages - and it could make life a lot easier for enterprise developers
-
Cisco is ramping up AI features in Webex, but in a market dominated by Google, Zoom, and Microsoft, it may struggle to boost user uptake
Analysis Cisco is confident that new AI features for Webex will have users flocking to the platform, but it still faces stiff competition in the productivity space from major industry players
-
Cisco just launched Motific, its first SaaS product aimed at supporting generative AI deployments
News Cisco said Motific will help customers deploy generative AI tools faster, and more effectively
-
Cisco signals open source intentions with Isovalent acquisition
News Cisco says it will leverage the open source capabilities of Cilium to create a “truly unique” multi-cloud and security platform
-
Application performance management for microservice applications on Kubernetes
whitepaper How to improve business-critical app performance in a Kubernetes environment
-
Can Oracle really be Linux's knight in shining armor?
Opinion The self-proclaimed champion of open source freedom would like you to forget about its history
-
Achieving software health in the microservices age
Whitepaper Tips and tricks for the new and emerging remediation methods