Apple is updating its Mac OS X for a BIND DNS issue that was patched by other vendors two weeks ago.
The issue is a critical vulnerability in the BIND 9 DNS server that could lead to a Denial of Service (DoS) attack condition. It’s an issue that US-CERT issued a warning on, and was reported to be exploited in the wild.
The ISC – the group that leads development of BIND – had a patch out on July 29th – so that means to my naked eye, that Apple Mac OS X server users have been at risk for two weeks.
Not only at risk, but at risk from a known flaw for which exploit code exists in the wild. Not only does exploit code exist, but so did a patch – but not for Mac OS X.
Is it the ISC’s fault? I don’t think so. They put out the source code and enable anyone to repackage a binary that would work for multiple operating systems.
Apple in my opinion was just a bit slow in this case.