Apple Airport Vulnerable After All
A while ago our friend Matt, the web monkey, did a post about two researchers who had discovered a critical flaw in the Apple Airport wireless drivers. The flaw, when exploited, could apparently be used to take control of any nearby machines that were also equipped with one of those wireless cards. The discovery was largely criticized by the IT community as being irrelevant because the researchers who discovered the flaw did not want to expose the attack code publicly.
Now, a few weeks later, Apple have quietly released the patch to fix the so-called "unfounded" vulnerability. It seems that David Maynor and Jon Ellch, the guys who discovered this whole mess, were right after all.
According to the update issued by Apple, two separate stack buffer overflows exist in the AirPort wireless driver's handling of malformed frames. An attacker in local proximity may be able to trigger an overflow by injecting a maliciously crafted frame into a wireless network. When the AirPort is on, this could lead to arbitrary code execution with system privileges.
Update: The Daring Fireball blog has some additional details concerning this issue.
The second issue, CVE-2006-3508, “affects Intel-based Mac mini, MacBook, and MacBook Pro computers equipped with wireless. Power Mac, PowerBook, iMac, Mac Pro, Xserve, and PowerPC-based Mac mini computers are not affected.” This list of affected computers corresponds to those whose AirPort cards are based on Atheros chipsets.