[Geeks are Sexy] technology news

Friday, September 22, 2006

Apple Airport Vulnerable After All

appleA while ago our friend Matt, the web monkey, did a post about 2 researchers who had discovered a critical flaw in the Apple Airport wireless drivers. The flaw, when exploited, could apparently be used to take control of any nearby machines that were also equipped with one of those wireless cards.. The discovery was largely criticized by the IT community as being irrelevant because the researchers who discovered the flaw did not want to expose the attack code publicly.

Now, a few weeks later, Apple have quietly released the patch to fix the so called "unfounded" vulnerability. It seems that David Maynor and Jon Ellch, the guys who discovered this whole mess, were right after all.

According to the update issued by Apple, two separate stack buffer overflows exist in the AirPort wireless driver's handling of malformed frames. An attacker in local proximity may be able to trigger an overflow by injecting a maliciously crafted frame into a wireless network. When the AirPort is on, this could lead to arbitrary code execution with system privileges.

Read more.

Update: The Daring Fireball blog has some additional details concerning this issue.

The second issue, CVE-2006-3508, “affects Intel-based Mac mini,MacBook, and MacBook Pro computers equipped with wireless. Power Mac, PowerBook,iMac, Mac Pro, Xserve, and PowerPC-based Mac mini computers are not affected.”This list of affected computers corresponds to those whose AirPort cards arebased on Atheros chipsets.


  • Fud.

    By Anonymous Anonymous, at 3:48 PM  

  • Nope: http://daringfireball.net/2006/09/airport_security_update

    By Anonymous Anonymous, at 12:12 AM  

  • Thanks anonymous#2 :)

    By Blogger Kiltak, at 8:21 AM  

  • Wait - so mac users aren't in an invulnerable bubble of their own - I'm shocked!!
    You mean a mac is just another computer, with vulnerablities like all others?
    Maybe now some mac users will stop wandering around with their heads up their arses and stop being pretentious pricks and just accept that their overpriced hardware is in the same boat as all other pc's.

    By Anonymous Anonymous, at 5:21 PM  

Post a Comment

Links to this post:

Create a Link

<< Home