Close on the heels of the MAC OS X 10.5.8 security upgrade that Apple released on August 6 to address 18 vulnerabilities, Apple has released another update to fix a bug in the BIND and DNS service of the Mac OS X and its server additions.

The new patch targets a critical DNS vulnerability in BIND, which has been reported in the wild. The downloadable update is available for both Tiger and Leopard systems and servers, namely - Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, and Mac OS X Server v10.5.8.

Referring to the new update, Apple specified that a logic issue in the usage of dynamic DNS (Domain Name System) update messages can potentially trigger an attack. A remote attacker can use a malicious updated message for the BIND DNS server to cut short the BIND service, leading to the unexpected lapse of the DNS server.

In its advisory pertaining to the update, Apple said: "The issue affects servers which are masters for one or more zones, regardless of whether they accept updates. BIND is included with Mac OS X and Mac OS X Server but it is not enabled by default. This update addresses the issue by properly rejecting messages with a record of type 'ANY' where an assertion would previously have been raised."