The latest Mac OS X security update (2008-005) failed to fix (or temporarily solve) the DNS vulnerability in the client version of Mac OS X 10.5 and 10.4. The update solved (temporarily) the same problem in Mac OS X server, but somehow Apple forgot to update the client libraries. The source port is still not randomized (but incremented by 1 each time). So, is this really a critical problem? Or should we worry more about DNS servers behind NAT?
Read more details about how the DNS workaround failed in Mac OS X 10.5 or how the DNS Workaround Failed in Mac OS X 10.4
Tags: 10.4, 10.5, apple, BIND, Client, DNS, mac os x, random source port, security update, Security Update 2008-005