Security Update 2009-004 fixes BIND vulnerability
With the security content of all the updates Apple has been rolling out in the last few weeks, you might have thought the tides of darkness stemmed. But hackers never sleep—or so it seems—so neither can Apple. On Wednesday, the company released Security Update 2009-004, which is recommended for all Mac OS X users.
There’s just one fix listed in 2009-004’s knowledge base document, but it’s a pretty nasty one: a vulnerability in software package BIND that could let a remote party interrupt the Domain Name System service. BIND has previously been the target of hackers, most notably a major vulnerability exposed by security expert Dan Kaminsky in 2008 that was later patched by Apple and other software vendors. On the upside, while BIND is included in OS X (both server and client editions) it’s not enabled by default.
Still, a little extra security’s never a bad thing, so go ahead and grab the patch. It’s available for Tiger client (PowerPC and Intel), Tiger server (PowerPC and Intel) and Leopard from both Apple's support download site and via Software Update.