After weeks of dragging its heels, Apple has finally patched a dangerous DNS flaw that could have allowed scammers to execute a domain poisoning attack-essentially hijacking a legit domain and redirecting its traffic to a malicious look alike site. (Most other vendors, including Cisco and Microsoft, took immediate action when the flaw was announced.) A user could type in the legit site’s URL and be redirected to the malicious one with no warning signs. As most security vendors and IT departments recommend directly typing a site’s URL into the browser rather than clicking on an emailed link as a way to prevent a phishing attack, the flaw, discovered on July 8 could have had a potentially devastating effect on the net and it’s users.

Instructions on how to exploit the flaw were leaked on July 21, raising deep concerns because many sites had not yet patched their DNS, and as of now, many ISPs still haven’t rolled out patches, drawing criticism from security experts who say speed is of the essence to avoid becoming a target. If your company hasn’t rolled out a patch yet, do so NOW. Your customer’s sensitive data-and trust-depends on it!