04-08-2008, 01:44 AM
Regular
Group: Regulars
Location: Melbourne
|
Apple Bails on Black Hat Security Conference
What will be a first and no doubt tomorrow at work all the Windows Geeks will point fingers and say Apple have security issues.
I expect in the next week given the fact that most news companies take forever to report these things we'd see "Apple hides security holes" which is in fact untrue.
It appears that with Apple's Market Share growing to a breaking point, Hackers and Virus coders are starting to take interest in our OSX safe haven.
I believe this might be the cause of Apple pulling their show at this conference which is a shame because they stood for security and publicly said that.
Anyone know anything more about this?

04-08-2008, 01:58 AM
Regular
Group: Regulars
Location: Brisbane
|
Maticks, do you have a link to any source for us?
__________________
nard

04-08-2008, 02:00 AM
Regular
Group: Regulars
Location: Melbourne
|

04-08-2008, 02:03 AM
Regular
Group: Regulars
Location: Melbourne
|
I must say I was shocked that my Mac OSX Server was unpatched for the DNS exploit for almost a month.
Especially since I have over 40 domains hosted on it. Apple are usually quick to patch those types of things but that was a very long gap.
It was also a very well publicized security hole not to mention a major issue.

04-08-2008, 08:22 AM
Regular
Group: Regulars
Location: Melbourne
|
Apple are notoriously slow at patching security related issues.
I host a number of domains through an OS X server; however, as I use the DNS servers of my ISP for resolution, this particular security issue was of little concern to me.
Maybe Apple are well aware that their installed base generally is not deployed in large environments where it's used as the primary requesting/caching NS? (Just playing devil's advocate here; it's bloody lazy of them not to include the updates to their standard version of BIND that's included in OS X.) Or maybe they figure that all the admins who use OS X for primary DNS were savvy enough and had already upgraded BIND from source....

04-08-2008, 08:51 AM
Regular
Group: Regulars
Location: Sydney
|
It also looks like the client side didn't get patched correctly also.
Although the client side is less vulnerable it can still have the DNS Cache Poisoned if it is being used.
Quote:
Storms wasn't sure what happened on Apple's end to produce the nonpatch patch, but he took a stab at the possibilities. "Is Apple modifying the BIND distributions from ISC, and somehow didn't realize this repercussion? Or is there some kind of configuration file that they forgot to change? It must be one of those two," he said.
Storms also said he rechecked nCircle's DNS servers running BIND, just to make sure that the patches he had deployed weeks ago really randomized the source ports. They did. "If you take the BIND distribution from ISC and patch your system on a Linux box, you're patched," he said. "I don't know what happened to Apple's."
Apple did not immediately respond to questions about the DNS patch.
|
__________________
Nick Named RatBag for a very good reason

04-08-2008, 09:52 AM
Not so serious ;)
Group: Administrators
Location: Fukuoka, Japan (originally Canberra)
|
I think my ISP's DNS servers are still un-patched, so a month is hardly "long" for the patch, which came in Security Update 2008-005.

04-08-2008, 09:54 AM
Regular
Group: Regulars
Location: Sydney
|
Which didn't patch it correctly, as Mac OS X still has the DNS server port numbers running one after another and not randomly like they should be for a proper fix.
This makes for interesting reading and we are still at risk albeit small for the client side.
Apple DNS Patch Fails To Randomize - Users Still At Risk (Sync)
__________________
Nick Named RatBag for a very good reason
Last edited by rob05; 04-08-2008 at 10:00 AM.
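
The distinction raised in the post above (source ports "one after another" versus random) can be checked against the ports seen, in order, on a resolver's outgoing queries in a packet capture. This is an added example, not part of the original thread; the function name, the thresholds and the sample port lists are constructed for illustration.

```python
import statistics


def assess_source_ports(ports, min_samples=10, max_step=16, min_stdev=1000):
    """Classify UDP source ports seen, in order, on one resolver's outgoing queries.

    The thresholds are illustrative assumptions, not values from any standard.
    """
    if len(ports) < min_samples:
        return {"verdict": "insufficient-data", "samples": len(ports)}
    # Step between consecutive queries, taken modulo the 16-bit port space so
    # that a counter which wraps around still shows up as a small positive step.
    deltas = [(b - a) % 65536 for a, b in zip(ports, ports[1:])]
    small_steps = sum(1 for d in deltas if 1 <= d <= max_step) / len(deltas)
    stdev = statistics.pstdev(ports)
    if len(set(ports)) == 1:
        verdict = "fixed"          # every query leaves from the same port
    elif small_steps >= 0.8:
        verdict = "sequential"     # ports climb one after another
    elif stdev < min_stdev:
        verdict = "narrow-range"   # shuffled, but inside a small window
    else:
        verdict = "randomized"
    return {"verdict": verdict, "samples": len(ports),
            "small_step_ratio": round(small_steps, 2), "stdev": round(stdev)}


# Constructed sample data (not taken from any real capture).
SAMPLES = {
    "fixed": [53] * 12,
    "sequential": [49152, 49153, 49154, 49157, 49158, 49159,
                   49160, 49163, 49164, 49165, 49166, 49167],
    "narrow": [32768 + x for x in
               (5, 190, 33, 121, 250, 77, 160, 12, 201, 98, 143, 60)],
    "random": [51234, 1837, 40211, 6650, 33017, 59802,
               12044, 27391, 45510, 3920, 61003, 18276],
}

if __name__ == "__main__":
    for name, ports in SAMPLES.items():
        print(name, assess_source_ports(ports))
```
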

04-08-2008, 10:37 AM
Regular
Group: Regulars
Location: Melbourne
|
Yup - I agree with Currawong's comments on Apple's time on this one (despite some of their other issues). The full nature of this attack wasn't to be disclosed for a month after the announcement, allowing companies time to release patches. However, the full details were leaked and the nature of the attack became better known.
Why Apple didn't include the BIND update in the client tools, who knows; maybe because it can't be turned on in the GUI....
This attack is predominantly aimed at ISP level infrastructure; in the case that your DNS host hasn't updated their servers to fix, opendns.org has updated their servers and increased capacity to allow people to use their servers while local providers catch up.

04-08-2008, 10:53 AM
Regular
Group: Regulars
Location: Brisbane
|
Apple DNS Patch Fails To Randomize - Users Still At Risk (Sync)
This comment below Andrew Storms' post may explain how this may not be as alarming as some think.
Even though OS X makes use of BIND, its DNS does not work the same way as most other *nixes.
__________________
nard

04-08-2008, 10:53 AM
Regular
Group: Regulars
Location: Darwin
|
Quote:
Originally Posted by Currawong
I think my ISP's DNS servers are still un-patched, so a month is hardly "long" for the patch, which came in Security Update 2008-005.
|
A month is an eternity when the exploit is in the wild
Thankfully most of our servers run Redhat which was patched the day after the DNS cache poisoning CERT advisory was released.
__________________
C2D MBP 15.4" 2.53GHz
iPhone 16GB
٩๏̯͡๏)۶ LINUX: Fedora 9

04-08-2008, 11:01 AM
Member
Group: Member
Location: Blue Mountains - Sydney
|
Ahh, viruses.
The worst part about people switching.

04-08-2008, 11:17 AM
Beware the Robot Mafia
Group: Administrators
Location: St. Albans, Melbourne
|
Quote:
Originally Posted by Supreme
Ahh, viruses.
The worst part about people switching.
|
This has got nothing to do with switchers or viruses.
The issue lies with there being an exploit in a part of OS X that is open-source. That bug has been rectified in the open-source package. Apple are still yet to patch it over a month later. Poor form for Apple.

04-08-2008, 01:41 PM
Regular
Group: Regulars
Location: Melbourne
|
This DNS poisoning issue: I actually had two ISPs whose DNS servers were infected by it.
Specifically, fake microsoft.com and bank site entries were loaded into their DNS servers.
It should have been resolved in the period of time that all Linux distributions resolved it.
I've been running OSX Server for around 4 years; I really hope a root exploit isn't dealt with this lack of caring.
I must say Apple's choice to continue using cyrus with all the issues they have with it leads me to believe it's not a business product; it's more like Windows ME: we're bored, let's do something business'ish.

04-08-2008, 01:55 PM
Regular
Group: Regulars
Location: Melbourne
|
I hate that argument: "Apple is small and no one wants to write viruses for a Mac"
So how do you explain that the classic OS had something like 80 viruses and the user base has grown ten times since then? Why isn't there 800 viruses for OSX instead of what we got, which is none?
No PC person can answer that for me, without admitting OSX is more secure than any Windows OS.
__________________
THE OFFICIAL GOD FAQ
Q: Does god exist?
A: No
iBook 14'' 1GB Ram, MBP(santa) 15" 4GB ram, iPod Nano(3G) 4gb, iPod shuffle 512mb, iPod Touch 8gb.