Apple (finally) patches ARDAgent vulnerability and BIND/DNS flaw with Security Update 2008-005

Apple yesterday released Security Update 2008-005 for OS X Leopard (10.5.4) and Tiger (10.4.11).  This update patches two large security holes that have received mention recently in the press.

The first one is the ARDAgent vulnerability in Apple’s Remote Desktop Agent that could allow malicious users to install programs or change settings without privileges.

The second is the highly publicized flaw in the DNS system which mainly targeted servers, but could technically be exploited on a client machine.

Apple received a lot of heat due to their slowness in getting these updates out to the public as compared to the time it took major Linux manufacturers and Microsoft to get the issue fixed. As always, it’s recommended to install these updates as soon as possible.  Hopefully Apple has learned that the more users that switch over to using Macs and OS X, the more important it will become to get these security issues patched.