3 August 2007 @ 14:47A fix for the Apple worm?

Apple has issued a “fix” for the mDNSResponder exploit, that was recently revealed. This “fix” comes in the form of Security Update 2007-007. From Apple’s site:

CVE-ID: CVE-2007-3744

Available for: Mac OS X v10.4.10, Mac OS X Server v10.4.10

Impact: An attacker on the local network may be able to cause a denial of service or arbitrary code execution

Description: A buffer overflow vulnerability exists in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) code used to create Port Mappings on home NAT gateways in the Mac OS X implementation of mDNSResponder. By sending a maliciously crafted packet, an attacker on the local network can trigger the overflow which may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by removing UPnP IGD support. This issue does not affect systems prior to Mac OS X v10.4.

I’m not sure if Apple simply removed what was broken — UPnP IGD support or fixed a different issue. Either way, I would rather a weakness be removed until it can be fortified, than open until a fix is developed.

Is there truly a connection between this security update and the revelation by InfoSec Sellout that a worm had been written that took advantage of this bug in mDNSResponder? At this point, we can only speculate.