Friday, August 1

Apple posts DNS update (amongst other things)

I had a conversation on a private security mailing list yesterday about Apple not shipping the update to the DNS flaw yet.  So I got a hold of Apple, and they told me it would be coming out very soon.

Well, I guess late last night they posted the update.  Which, among other things, fixes a bunch of security flaws, including the DNS flaw.

Open Scripting Architecture
BIND
CarbonCore
CoreGraphics
Data Detectors Engine
Disk Utility
OpenLDAP
OpenSSL
PHP
QuickLook
rsync

Remember that ARDagent vulnerability?  Well it wasn't really a bug in how ARD works, it's a bug in how ARD calls the scripting agent.  It's fixed in the above "Open Scripting Architecture" bug.

 Subscribe in a reader

No comments: