Researchers have discovered a flaw in the UNIX BIND software that translates human-readable domain names into IP addresses. Microsoft and Cisco have released patches, but so far Apple has not. In addition, Mac OS X 10.5.3 and 10.5.4 have broken the BSM auditing system critical for some government installations.
The vulnerability in the BIND software in both Mac OS X and Mac OS X Server could allow a user to be redirected, without the user's knowledge, to a phishing site which could steal a user's login information to, say, a bank or financial service.
While some astute Mac OS X Server sysadmins could download and compile the new BIND, many other small business users, a market Apple specializes in, might not have the skills to install their own patch.
A government IT manager told TMO on Sunday that Mac OS X 10.5.3 and 10.5.4 break the support previously available in Leopard for the Basic Security Module (BSM) auditing required by many government and research facilities to audit the activities on their Macs. Some of his Mac Pros are now useless as a result.
The manager also told TMO they cannot get their CAC cards to work reliably on the Macs. These Common Access Cards are used by government agencies as both an ID card and as access to DoD networks and computers.
Last week, Brian Chen at Wired wondered if Apple has bitten off more than it can chew, especially in light of the initial problems with MobileMe.
Apple has launched a MobileMe status blog to better inform users about the status of MobileMe. In addition, spot problems tend to make news even when most customers aren't having problems. Even so, the pace of the Internet scrutiny, the number of new Apple customers, the lean team size at Apple and the number of Apple's new initiatives seem to be clashing more and more publicly lately.