News, Reviews and more from Australia's Macintosh Authority
News, Reviews and more from Australia's Macintosh Authority
ADVERTISEMENT
Apple on Thursday released Security Update 2008-005, patching a critical DNS (Domain Name Server) flaw that other companies began fixing on 8 July. The DNS fix is among 13 items updated in the security release.
First reported by Dan Kaminsky of IOActive, the DNS flaw would allow an attacker to introduce forged DNS information into the cache of a caching nameserver. The end result of the attack, known as cache poisoning, is that a visitor to a web site is redirected to wherever the attacker chooses to send them.
BIND has been updated in the security release to version 9.4.2-P1, which implements source port randomisation to improve resilience against cache poisoning attacks.
Apple’s Data Detectors Engine in Mac OS X has been updated to fix a problem that caused a user viewing maliciously crafted messages with Data Detectors to experience an unexpected application termination.
Running the “Repair Permissions” could allow a local user with emacs to run commands with system privileges. The update corrects the permissions applied to emacs in the Repair Permissions tool. This issue does not affect Mac OS X 10.5 or later.
Issues with OpenLDAP and OpenSSL where a remote attacker may be able to cause an unexpected application termination have both been addressed. Rsync has been updated to fix a problem that would allow files outside the module root to be accessed or overwritten remotely.
Mac OS X 10.5 users get a new version of PHP with this security update, which fixes multiple vulnerabilities, the most serious of which may lead to arbitrary code execution, according to Apple.
QuickLook also got updated to fix a problem that happened if a user downloaded a maliciously-crafted Microsoft Office file causing an unexpected application termination or arbitrary code execution.
The Open Scripting Architecture was updated so local users could not execute commands with elevated privileges.
Apple Security Update Security Update 2008-005 is available from the software update mechanism in Mac OS X or from Apple's Web site.
As mentioned in the lead news item, a new piece of OS X malware has been discovered.
Rob Griffiths | Nov 22, 2007
For watching movies, Jobs announced that the second iteration of the Apple TV will allow movies to be downloaded (and even rented) directly from the iTunes Store without the need for a computer to get involved. Of course, this feature is only relevant to Americans, but as an increasing number of Australians are figuring out how to access the US iTunes Store it's worth noting. The iTunes rental service includes both new release and "catalogue" films from all the major studios.
Matthew JC. Powell | Jan 16, 2008
Apple sold 2.3 million Macs and 22.1 million iPods during the holiday shopping season, helping the company turn a $US1.58-billion profit during its fiscal first quarter. The Mac totals mark the third consecutive quarter that Apple has set a quarterly sales record for its desktops and laptops. The Mac totals mark the third consecutive quarter that Apple has set a quarterly sales record for its desktops and laptops. For the quarter ended December 31, Apple reported a profit of $US1.76 a share on revenue of $US9.6 billion.
Jim Dalrymple,Philips Michaels and Peter Cohen | Jan 23, 2008
Processors specially developed by Intel for Apple’s new MacBook Air laptop will soon be used by other PC vendors in systems, possibly creating competition for what Apple calls the world’s lightest and thinnest notebook.
Agam Shah | Feb 1, 2008
