Apple today released a security update for OS X 10.4 and OS X 10.5 that addresses a known security vulnerability with BIND. BIND is a set of tools used to access and manipulate the Domain Name System (DNS).
The particular exploit (CVE-2009-0696) can cause a BIND DNS server to exit when it encounters a maliciously crafted message. The exploit has been public for a while, but the desktop version of OS X doesn’t come configured with BIND enabled by default. However, because many users of the desktop version of OS X use this service as an inexpensive way to host their own web sites or email systems, it’s recommended that you download and install this update.
The security update is available from the Apple menu, Software Update. You can also download it directly from Apple’s web site.
The update is available in three different configurations, based on the OS and type of Mac.