Apple has released a patch set that brings the OS X up to version 10.4.10 and it includes numerous patches and yes, security ones.

Apple has slammed the door shut on denial-of-service attacks and a security bypass that Type 0 routing headers in IPv6 let in.

The company on June 20 put out an update, Mac OS X 10.4.10, that addresses the problem by disabling support for the headers.

This vulnerability has been left wide open in IPv6 even though it was well-known and shut down in IPv4; by default, all routing engines now turn it off.

This particular type of packet header can be used to crazily bounce network packets back and forth between hops on their route, clogging up bandwidth and potentially causing a DoS.

Back in April, two researchers, EADS Corporate Research Center research engineers Philippe Biondi and Arnaud Ebalard, showed that when you can specify where your nodes route packets, you can create a loop—for example, from hop A to hop B to hop A to hop B—that exponentially jacks up Internet traffic, thus causing a DDoS (distributed DoS).

applesec21062007.jpg

Here is the link for the summary of the Apple patch as well as the security patches.

Article Link

[tags]Apple Security Patches, OS X 10.4.10, Apple IPv6[/tags]

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.