Apple Security fix includes BIND update
Yesterday, shortly after I read TidBITS' post on securing the DNS flaw that Apple had ignored for a while, Apple released a security fix which finally took care of the situation. This comes 3 weeks after the security industry began taking matters into its own hands. This fix does overwrite the files updated in the TidBITS post on manually correcting the issue, mentioned above.
In Apple's notes on the update, they mention fixes for:
- Open Scripting Architecture, addressing the ARDAgent issue that allowed Trojan horses and non-administrator users to gain root access
- The aforementioned BIND issue which allowed for DNS poisoning (allowing malicious websites to forge their identity)
- A CarbonCore stack buffer overflow which allowed for arbitrary code execution
- A CoreGraphics memory corruption issue and a CoreGraphics PDF weakness, both allowing for arbitrary code execution
- A Data Detectors issue which could be exploited for [DoS](http://en.wikipedia.org/wiki/Denial-of-service_attack) attacks
- A Repair Permissions/emacs exploit in Disk Utility
- An LDAP weakness
- An OpenSSL weakness
- Multiple PHP vulnerabilities
- A flaw in QuickLook's handling of maliciously crafted Microsoft Office files
- An issue with rsync's handling of symbolic links
Some of those had been reported, some I hadn't heard about previously, but I'm certainly feeling more secure this morning.
[via Macworld]