Apple patches Mac OS X for BIND DNS – 2 weeks late!?

From the ‘What’s Going On?‘ files:

Apple is updating its Mac OS X for a BIND DNS issue that was patched by other vendors two weeks ago.

The issue is a critical vulnerability in the BIND 9 DNS server that could lead to a Denial of Service (DoS) attack condition. It’s an issue that US-CERT issued a warning on, and was reported to be exploited in the wild.

The ISC – the group that leads development of BIND – had a patch out on July 29th – so that means to my naked eye, that Apple Mac OS X server users have been at risk for two weeks.

Not only at risk, but at risk from a known flaw for which exploit code exists in the wild.  Not only does exploit code exist, but so did a patch – but not for Mac OS X.

Is it the ISC’s fault? I don’t think so. They put out the source code and enable anyone to repackage a binary that would work for multiple operating systems.

Apple in my opinion was just a bit slow in this case.

News Around the Web