Apple Finally Releases DNS Patch for Mac OS X
By Jennifer LeClaire
August 1, 2008 8:48AM

Apple, Inc. has issued a Mac OS X patch for the Domain Name System vulnerability, weeks after other vendors, including Microsoft, Cisco, Sun Microsystems, and Linux distributors, issued DNS patches. Researcher Dan Kaminsky is expected to discuss the DNS flaw next week. Apple also issued fixes for other Mac OS X security flaws.
 


Apple has issued a Mac OS X patch for the Domain Name System flaw that security researchers agree is one of the most dangerous vulnerabilities on the Internet.

Apple has been criticized for being late with a fix. Some vendors, including Microsoft, Cisco, Sun Microsystems, and various Linux distributors, issued a fix weeks ago.

While Apple was working on its patch, researchers released software that exploits the flaw that IOActive researcher Dan Kaminsky discovered. The attack code was released by developers of the Metasploit hacking toolkit, headed by the infamous HD Moore.

Kaminsky is scheduled to discuss the DNS flaw at the Black Hat hacker convention next week in Las Vegas, but details on how to exploit the vulnerability are widespread.

Sitting (Mac) Ducks

Unpatched Mac users appeared to be sitting ducks for an attack that could redirect legitimate Web traffic to a phishing server.

The DNS flaw now patched by Apple and other vendors is a serious one, according to Graham Cluley, a security analyst at Sophos.

"If exploited, it would allow hackers to poison Internet lookup tables, meaning that even if you typed in the correct name of your online bank, for instance, you would be taken to a malicious forged Web page instead," he said.

What's more, he said, hackers could post malicious software updates on the Web and fool legitimate programs into downloading them, thinking they were at the real update sites.

"Some commentators have criticized Apple for taking longer than other vendors in producing a fix -- but the most important thing is that a fix is now available," Cluley said.

"Apple Mac users will be automatically alerted to the availability of new security patches, and would be wise to install them," he said. "Businesses typically take a little longer to roll out security patches, as they often wish to check that no compatibility issues result."

A Complicated Threat

The threat emerges from two different issues with the DNS protocol, according to McAfee Avert Labs. DNS primarily uses UDP packets to send questions and receive answers.

A client computer will accept any packet as an answer to its question on three conditions: The packet is coming from the DNS server, the source and destination ports match the destination and source ports of the question packet, and, most importantly, the transaction ID and question match its question.

Complicating matters, when a DNS server replies to a question, it can also include additional information in the answer to make future processes more efficient. Combining the answer-packet spoof with the additional information makes the story more interesting because it makes exploitation easier.
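The three acceptance conditions described above, written out as an added Python example (it is not from the article, McAfee, or any vendor's resolver code). The function names, addresses, ports and transaction ID are constructed for illustration.

```python
import struct

def build_message(txid, name, response=False):
    """Build a minimal DNS message: 12-byte header plus one A/IN question."""
    flags = 0x8180 if response else 0x0100  # QR bit set marks a response
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def parse_question(msg):
    """Return (txid, is_response, qname, qtype, qclass) for a one-question message."""
    if len(msg) < 12 or msg[4:6] != b"\x00\x01":
        raise ValueError("need a 12-byte header and exactly one question")
    txid, flags = struct.unpack("!HH", msg[:4])
    labels, pos = [], 12
    while msg[pos] != 0:
        length = msg[pos]
        if length & 0xC0:
            raise ValueError("compression pointer in question name")
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii").lower())
        pos += 1 + length
    qtype, qclass = struct.unpack("!HH", msg[pos + 1:pos + 5])
    return txid, bool(flags & 0x8000), ".".join(labels), qtype, qclass

def accept_response(pending, packet, src, dst):
    """Apply the three acceptance conditions; return (accepted, reason)."""
    # Every field compared here is read from the packet; UDP authenticates none.
    if src[0] != pending["server"][0]:
        return False, "not from the queried server"
    if src[1] != pending["server"][1] or dst != pending["client"]:
        return False, "ports do not mirror the question"
    try:
        q, r = parse_question(pending["query"]), parse_question(packet)
    except (ValueError, IndexError, struct.error):
        return False, "malformed message"
    if not r[1]:
        return False, "not a response"
    if r[0] != q[0]:
        return False, "transaction ID mismatch"
    if r[2:] != q[2:]:
        return False, "question mismatch"
    return True, "accepted"

# Constructed sample data (documentation address ranges, made-up ID and ports).
SERVER, CLIENT = ("192.0.2.53", 53), ("198.51.100.10", 40000)
PENDING = {"server": SERVER, "client": CLIENT,
           "query": build_message(0x1A2B, "www.example.com")}
```
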

Apple also released a security bulletin to fix at least 17 different security holes in the Mac OS X operating system and other software products late Thursday.
 
