Apple misses mark on DNS patch

By

Leopard remains vulnerable to cache poisoning, say researchers.


Security researchers are claiming that Apple has failed to fully patch the high profile DNS cache poisoning error.

The company issued the patch last week as part of a larger security update. The so-called Kaminsky flaw (named after its discoverer, Dan Kaminsky) has sent vendors scrambling to patch what is said to be a fundamental vulnerability in the DNS system.

According to Andrew Storms, director of security operations for network security firm nCircle, Apple's patch doesn't quite do the job. Storms found that the update doesn't force source port randomisation for client libraries, an essential fix for preventing the spooking attack.

Storms said that while the server component of the error is fixed, client machines remain vulnerable.

"For Apple, it matters most that they patch the client libraries since there are so few OSX recursive servers in use," he noted.

"The bottom line is that despite this update, it appears that the client libraries still aren't patched."

Storms was not the only person to note Apple's oversight. Sans researcher Swa Frantzen also noticed the flaw. Frantzen pointed out that a fully patched Leopard system still uses incrementing ports, making port selection predictable and allowing an attacker to still perform the cache-poisoning exploit.

"So Apple might have fixed some of the more important parts for servers, but is far from done yet as all the clients linked against a DNS client library still need to get the workaround for the protocol weakness," said Frantzen.
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:

Most Read Articles

CBA using facial recognition logins to verify disputed payments

CBA using facial recognition logins to verify disputed payments

Qantas contacted by "potential cyber criminal"

Qantas contacted by "potential cyber criminal"

SA Power Networks tackles IAM, cloud security under five-year strategy

SA Power Networks tackles IAM, cloud security under five-year strategy

Qantas facing 'significant' data theft after cyber attack

Qantas facing 'significant' data theft after cyber attack

Log In

  |  Forgot your password?