14 DAY TRIAL // In what has been a Software Update-full week for Mac users, Apple has released yet another security update for Client and Server versions of its OS X Leopard and Tiger operating systems. Security Update 2009-004 comes a mere week after the 2009-003 Security Update (issued in tandem with Mac OS X 10.5.8), and just one day after the Safari 4.0.3 release, which patched a number of security issues on its own.
Posted August 12, 2009, Security Update 2009-004 is a hefty 166MB download available for users of Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, and Mac OS X Server v10.5.8. The Mac maker describes the release saying that “Security Update 2009-004 is recommended for all users and improves the security of Mac OS X. Previous security updates have been incorporated into this security update.”
On a more detailed note (Support article), Apple reveals that “a logic issue in the handling of dynamic DNS update messages may cause an assertion to be triggered. By sending a maliciously crafted update message to the BIND DNS server, a remote attacker may be able to interrupt the BIND service,” Apple warns. “The issue affects servers which are masters for one or more zones, regardless of whether they accept updates. BIND is included with Mac OS X and Mac OS X Server but it is not enabled by default.”
As such, Mac OS X users are strongly advised to download and install Security Update 2000-004, which “addresses the issue by properly rejecting messages with a record of type 'ANY' where an assertion would previously have been raised,” the Cupertino-based company informs.
Mac OS X users can download the latest security update from Apple using the links below. Client and Server versions of the software for Leopard and Tiger, PowerPC and Intel are available.