We've covered here how there is a significant
vulnerability in the DNS software used to resolve names like
"www.dell.com" into their respective IP addresses. We've also covered
how the major OS players have all updated their software, while Apple
had not done so. According to ComputerWorld, Apple has released a patch
for OS X that it claims fixes the problem, but which security
experts report does not.
Andrew Storms, director of
security operations at nCircle Network Security Inc., tested Apple's
update, and found that even with the update applied, Apple systems were
not randomizing the ports they used. Attacks using this vulnerability
are reportedly already in the wild, so Internet-connected Macs are
indeed vulnerable. Storms is quoted as saying "Essentially, we're at the
same place as we were yesterday before Apple released the patch." Swa
Frantzen of the SANS Institute says "So Apple might have fixed some of
the more important parts for servers, but is far from done yet, as all
the clients linked against a DNS client library still need to get the
work-around for the protocol weakness."
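
The kind of check described above can be run on the UDP source ports seen in a packet capture of a machine's outgoing DNS queries. This is an added example, not code from the article or from nCircle; the function name, the thresholds and the sample port lists are assumptions constructed for illustration.

```python
import random


def assess_source_ports(ports, min_samples=20):
    """Classify the UDP source ports of outgoing DNS queries, in capture order.

    Returns "fixed", "sequential", "weak", "randomized" or "insufficient-data".
    The thresholds below are illustrative assumptions, not a standard.
    """
    if len(ports) < min_samples:
        return "insufficient-data"
    distinct = len(set(ports))
    if distinct == 1:
        return "fixed"  # every query leaves from the same port
    # Step between consecutive queries, modulo the 16-bit port space so a
    # counter that wraps around is still recognised as incrementing.
    deltas = [(b - a) % 65536 for a, b in zip(ports, ports[1:])]
    small_steps = sum(1 for d in deltas if d <= 16)
    if small_steps / len(deltas) >= 0.9:
        return "sequential"  # next port is predictable from the last one
    spread = max(ports) - min(ports)
    if distinct / len(ports) < 0.5 or spread < 4096:
        return "weak"  # small pool of ports or a narrow range
    return "randomized"


# Constructed sample data (not taken from any real capture).
FIXED = [53000] * 32
SEQUENTIAL = list(range(49152, 49184))
POOL = [40000, 43000, 38000, 41000, 60000, 47000, 52000, 45000]
SMALL_POOL = [POOL[i % 8] for i in range(32)]
_rng = random.Random(2008)
RANDOMIZED = [_rng.randrange(1024, 65536) for _ in range(32)]

if __name__ == "__main__":
    for name, sample in [("fixed", FIXED), ("sequential", SEQUENTIAL),
                         ("small pool", SMALL_POOL), ("random", RANDOMIZED)]:
        print(f"{name:12s} -> {assess_source_ports(sample)}")
```

A verdict of "fixed" or "sequential" after patching corresponds to the result reported here: the update is installed, but the ports are still predictable.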
Storms suggests
that Apple made a mistake somewhere to produce the "nonpatch patch" just
released. "Is Apple modifying the BIND distributions from ISC, and
somehow didn't realize this repercussion? Or is there some kind of
configuration file that they forgot to change? It must be one of those
two," Storms said. "If you take the BIND distribution from ISC and patch
your system on a Linux box, you're patched," he said. "I don't know what
happened to Apple's."
For more information about this "nonpatch patch", see ComputerWorld.
We've been suggesting for a while here
that Apple's development team seems to be overburdened and that they
appear to be making significant mistakes that are quite simply beneath
the caliber of individuals we know to be working there. We know that
they work hard. We know that they care about what they're doing. The
only reason for mistakes like this that we can imagine is that the
developers are overworked, and QA staff are either similarly stretched
too thin or are non-existent. We hope Apple is able to correct this
situation. Their reputation is already starting to tarnish...
Apple's DNS Patch "Doesn't"?