But according to security researcher Swa Frantzen from the SANS Internet Storm Center, Apple's fix hasn't quite done the trick.
"Apple might have fixed some of the more important parts for servers, but is far from done yet as all the clients linked against a DNS client library still need to get the workaround for the protocol weakness," Frantzen said in a blog post.
The issue appears to be that despite Apple's patch, BIND under OS X is incrementing the ports it uses to communicate DNS information in a predictable pattern.
With the premature disclosure of details about the vulnerability 10 days ago and the subsequent appearance of exploit code, US-CERT and the rest of the security community urged immediate repair of vulnerable DNS software.
Unlike other companies that moved swiftly to deal with the problem, Apple dragged its feet. Three weeks after security researcher Dan Kaminsky warned about the flaw on July 8, Apple still had not dealt with the issue, prompting widespread criticism.
"With active exploit code available in a common attack tool, it is imperative that Apple fix this vulnerability," wrote Rich Mogull and Glenn Fleishman in TidBits on July 24. "Due to their involvement in the process and the ability of other vendors to fix their products in a timely fashion, it's hard to imagine any possible justification for Apple's tardy behavior."
Aside from the ineffective fix to BIND, the DNS software used by Mac OS X, Thursday's patch includes fixes for the following Mac OS X components: Open Scripting Architecture, CarbonCore, CoreGraphics, Data Detectors Engine, Disk Utility, OpenLDAP, OpenSSL, PHP, QuickLook, and rsync.
Among these, the most serious issues fixed involve CarbonCore, CoreGraphics, OpenSSL, and QuickLook. If exploited, the vulnerabilities in these components could lead to arbitrary code execution.
Security Update 2008-005 applies to Mac OS X Server 10.4, Security, Mac OS X 10.4.11, Mac OS X Server 10.5, and Mac OS X 10.5.4. It can be downloaded from Apple's Web site or through the Software Update control panel in Mac OS X.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
2017 State of IT ReportIn today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.