Apple Releases Security Update 2009-004

[javajolt]

Apple has released Security Update 2009-004 for Leopard and Tiger (PPC) via their Software Update utility and on the Web. According to the company, this update is recommended for all users and improves the security of Mac OS X. You can learn more about the security contents of this update over here. It should also be noted that previous security updates have been incorporated into this security update. Security Update 2009-004 weighs in at 166MB and requires Mac OS X 10.4.11 or later.

About Security Update 2009-004


Summary

This document describes the security content of Security Update 2009-004, which can be downloaded and installed via Software Update preferences, or from Apple Downloads.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other Security Updates, see "Apple Security Updates." http://support.apple.com/kb/HT1222?viewlocale=en_US

Products Affected
Product Security

Security Update 2009-004
BIND

CVE-ID: CVE-2009-0696

Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8

Impact: A remote attacker may be able to cause the DNS server to unexpectedly terminate

Description: A logic issue in the handling of dynamic DNS update messages may cause an assertion to be triggered. By sending a maliciously crafted update message to the BIND DNS server, a remote attacker may be able to interrupt the BIND service. The issue affects servers which are masters for one or more zones, regardless of whether they accept updates. BIND is included with Mac OS X and Mac OS X Server but it is not enabled by default. This update addresses the issue by properly rejecting messages with a record of type 'ANY' where an assertion would previously have been raised.

[Jake]

Hmmm... Apple patching a possible exploitable hole in their software?  But I thought Mac's had no viruses...

Heh... stupid fanboys

As Apple's marketshare rises, so will the amount of Mac viruses.  The only reason they were considered secure previously, is because hackers didn't care enough to try and crack the Mac.  The same will happen to Linux and Unix as their popularity increases.

[javajolt]

OMG!! I just love your snide remarks towards all those Apple faniboys!!! who all think their stuff does not stink......

[Jake]

I'd probably be less hostile if Macs were displayed as what they really are, not what their biggest fans think they are.  They're computers, a less popular, more closed up (despite being based on Unix, which really didn't do them much good to switch anyway), that cost a lot more than they're worth.

I want to see an Apple commercial saying the truth "Hey look at the Apple Logo on my laptop which has a 3rd of the power of yours, but cost more!"  Macs are shiny... that's about it.