Submitted mine around the same time as yours (6103700), under
security for 10.4.11 server.
Be interesting to see what their response time is on a Friday
afternoon.

Hi,

Interestingly enough, I got a response this morning (Sunday).
Apparently, they are well aware of the problem, but ran into
difficulties with the patch that rendered some BIND installations
unusable. They are currently working out the issues and will have an
update shortly. Fair enough. As I mentioned previously, when the truth
comes out, we see the problem was not an issue of "elected", but one
of unintended problems.

I don't want to pick apart someone's words, particularly when they are
not here to defend themselves, but there was one thing in the response
that tweaked me the wrong way. Essentially, words to the effect of "It
would be worse to break this functionality than to rush out a 'fix',
especially since we have received no report of any actual exploit
against our installed base." IMHO, this is a security
vulnerability whose remedy precludes known exploit attempts against
the user base. I know that isn't what the Apple person meant
literally, but it is likely indicative of a mindset that Apple needs
to shake. Now that the vulnerability's details have been published
from here to Timbuktu, we know that at least a marginal amount of
script kiddies will attempt to exploit it. This fact puts the
vulnerability's remedy in the category of "preventative measures".

At any rate, I feel much better knowing that Apple is in fact
attempting to remedy the situation. It is not off their radar so to
speak.

So, that's the scoop. Continue to have a great weekend,