Security researchers are claiming that Apple has failed to fully patch the high profile DNS cache poisoning error.
The company issued the patch last week as part of a larger security update. The so-called Kaminsky flaw (named after its discoverer, Dan Kaminsky) has sent vendors scrambling to patch what is said to be a fundamental vulnerability in the DNS system.
According to Andrew Storms, director of security operations for network security firm nCircle, Apple's patch doesn't quite do the job. Storms found that the update doesn't force source port randomisation for client libraries, an essential fix for preventing the spooking attack.
Storms said that while the server component of the error is fixed, client machines remain vulnerable.
"For Apple, it matters most that they patch the client libraries since there are so few OSX recursive servers in use," he noted.
"The bottom line is that despite this update, it appears that the client libraries still aren't patched."
Storms was not the only person to note Apple's oversight. Sans researcher Swa Frantzen also noticed the flaw. Frantzen pointed out that a fully patched Leopard system still uses incrementing ports, making port selection predictable and allowing an attacker to still perform the cache-poisoning exploit.
"So Apple might have fixed some of the more important parts for servers, but is far from done yet as all the clients linked against a DNS client library still need to get the workaround for the protocol weakness," said Frantzen.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago