Apple fixes Mac Wi-Fi flaws

By Bill Brenner, Senior News Writer
22 Sep 2006 | SearchSecurity.com

Security Wire Daily News

When security researchers David Maynor and Jon "Johnny Cache" Ellch used a MacBook at last month's Black Hat conference in Las Vegas to show how attackers could target wireless cards to hijack laptops, Apple Computer Inc. refuted their claims.

While the Mac used in the demonstration was fitted with a third-party wireless card -- and Maynor and Ellch went out of their way to note that the threat wasn't limited to Apple products -- the Cupertino, Calif.-based company criticized the researchers for using a MacBook and suggesting the machines were in immediate danger of attack. Nevertheless, the demonstration prompted Apple to conduct its own search for wireless glitches.

That search uncovered three flaws Apple addressed in a security update released late Thursday. The update addresses vulnerabilities attackers could exploit to cause a denial of service or run malicious code, resulting in the full takeover of a Mac machine.

While Apple conducted its investigation in response to the Black Hat presentation, the flaws fixed Thursday are unrelated to what Maynor and Ellch demonstrated, Apple spokesman Anuj Nayar said. "This was the result of an internal audit," he said.

The first problem, Apple explained, is that two separate stack buffer overflows exist in the AirPort wireless driver's handling of malformed frames. "An attacker in local proximity may be able to trigger an overflow by injecting a maliciously-crafted frame into a wireless network," Apple said. "When the AirPort is on, this could lead to arbitrary code execution with system privileges."

The problem affects Power Mac, PowerBook, iBook, iMac, Mac Pro, Xserve, and PowerPC-based Mac mini computers equipped with wireless functionality. However, the Intel-based Mac mini, MacBook, and MacBook Pro computers are not affected.

The second problem is a heap buffer overflow in the AirPort wireless driver's handling of scan cache updates. The issue could be exploited in a similar fashion and affects Intel-based Mac mini, MacBook, and MacBook Pro computers equipped with wireless cards. Power Mac, PowerBook, iBook, iMac, Mac Pro, Xserve, and PowerPC-based Mac mini computers are not affected.

The third problem is an integer overflow in the AirPort wireless driver's API for third-party wireless software. "This could lead to a buffer overflow in such applications dependent upon API usage," Apple said. The issue affects Intel-based Mac mini, MacBook, and MacBook Pro computers with wireless functionality. Power Mac, PowerBook, iBook, iMac, Mac Pro, Xserve, and PowerPC-based Mac mini computers are not affected.
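Apple's descriptions name the bug classes but not the affected code. As an added illustration (not Apple's driver code and not part of the original article), the sketch below shows the length checks that keep a wireless frame parser from overrunning a fixed buffer, and the size check that stops an integer overflow from producing an undersized buffer. The structure, the function names and the sample bytes are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define IE_SSID  0   /* 802.11 element ID of the SSID element */
#define SSID_MAX 32  /* longest SSID 802.11 allows */

/* Hypothetical scan cache entry (illustration only, not Apple's layout). */
struct scan_entry { uint8_t ssid[SSID_MAX]; uint8_t ssid_len; };

/* Walk the (ID, length, value) elements of a beacon body and copy the SSID.
 * Returns 0 on success, -1 if the data is malformed or carries no SSID. */
int scan_entry_from_ies(struct scan_entry *e, const uint8_t *ies, size_t len)
{
    size_t off = 0;
    while (len - off >= 2) {            /* a full 2-byte header remains */
        uint8_t id = ies[off], ie_len = ies[off + 1];
        off += 2;
        if (ie_len > len - off)         /* value would run past the frame */
            return -1;
        if (id == IE_SSID) {
            if (ie_len > SSID_MAX)      /* value would overrun e->ssid */
                return -1;
            memcpy(e->ssid, ies + off, ie_len);
            e->ssid_len = ie_len;
            return 0;
        }
        off += ie_len;
    }
    return -1;
}

/* Bytes needed for `count` entries; refuses a count whose product would
 * wrap around size_t. Returns 0 on success, -1 on overflow. */
int scan_results_size(size_t count, size_t *bytes)
{
    if (count > SIZE_MAX / sizeof(struct scan_entry))
        return -1;
    *bytes = count * sizeof(struct scan_entry);
    return 0;
}

int main(void)
{
    /* Constructed sample: SSID element claiming 40 bytes (limit is 32). */
    uint8_t bad[2 + 40] = { IE_SSID, 40 };
    struct scan_entry e;
    printf("oversized SSID: %d\n", scan_entry_from_ies(&e, bad, sizeof bad));
}
```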
