Exploit code released for Apple Wi-Fi flaw

By Bill Brenner, Senior News Writer 02 Nov 2006 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

A new hacker project kicked off Wednesday with the release of attack code against a new flaw in Apple Computer Inc.'s wireless software.

The code was provided by H.D. Moore, developer of the popular Metasploit security tool, and released via a blog called The Month of Kernel Bugs. The Month of Kernel Bugs is a spin-off of Moore's Month of Browser Bugs project, in which details of new browser flaws were released each day during the month of July.

In his analysis of the new Apple flaw, Moore said the wireless cards used in PowerBooks and iMacs manufactured between 1999 and 2003 are vulnerable to a remote memory corruption flaw.

Wi-Fi threats: Wi-Fi vulnerability assessment checklist Wi-Fi: Checking airwaves for rogues and 'discoverable' devices Wi-Fi access points go nuclear Apple fixes Mac Wi-Fi flaws

"When the driver is placed into active scanning mode, a malformed probe response frame can be used to corrupt internal kernel structures, leading to arbitrary code execution," he said. "This vulnerability is triggered when a probe response frame is received that does not contain valid information element (IE) fields after the fixed-length header. The data following the fixed-length header is copied over internal kernel structures, resulting in memory operations being performed on attacker-controlled pointer values."

Apple released a statement Wednesday saying the flaw "affects a small percentage of previous-generation AirPort-enabled Macs and does not affect currently shipping or AirPort Extreme-enabled Macs."

The Month of Kernel Bugs kicked off with the Apple flaw to keep the spotlight on wireless threats outlined at the Black Hat conference in Las Vegas three months ago, said the blog's author, a hacker who goes by the name of LMH.

"With all the hype and buzz about the now infamous Apple wireless device driver bugs … hopefully this will bring some light (better said, proof) about the existence of such flaws in the Airport device drivers," LMH wrote.

Tags: Wireless Network Protocols and Standards,  Alternative OS security: Mac, Linux, Unix, etc.,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Wireless Network Protocols and Standards Wireless network guidelines for PCI DSS compliance Best Wireless Security Products MMS messaging spoof hack could have global ramifications PCI group releases wireless security guide 802.1X Port Access Control: Which version is best for you? Wireless Security Lunchtime Learning An introduction to wireless security Lesson 1: How to counter wireless threats and vulnerabilities Risky Business: Understanding WiFi threats Lesson 1 quiz: Risky business Alternative OS security: Mac, Linux, Unix, etc. Machiavelli Mac OS X rootkit unveiled at Black Hat How secure is 'Platform as a Service (PaaS)?' Security comparison: Mac OS X vs. Windows Mac OS memory flaws pose challenges for enterprise endpoint protection Rootkit Hunter demo: Detect and remove Linux rootkits Oracle to buy Sun Microsystems for $7.4 billion How to harden Linux operating systems Serious holes in Mac OS X memory, researcher shows What is the best operating system for an FTP server implementation? Black Hat DC 2009: Mac OS attack method Alternative OS security: Mac, Linux, Unix, etc. Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Wired Equivalent Privacy  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary