Apple fixes Mac Wi-Fi flaw |
 |
By Bill Brenner, Senior News Writer
26 Jan 2007 | SearchSecurity.com |
|
|
Apple has fixed one of the Mac OS X Wi-Fi flaws reported by the researcher LMH during his Month of Kernel Bugs project in November. Local attackers could exploit the flaw over a wireless network to crash the victim's machine.
In his original advisory from the Month of Kernel Bugs, LMH said Apple's Airport Extreme driver fails to handle certain beacon frames, leading to out-of-bounds memory access and resulting in a so-called kernel panic.
Apple said in its 305031 advisory,"An attacker in local proximity may be able to trigger a system crash by sending a maliciously-crafted frame to an affected system."
The problem affects the Core Duo version of Mac mini, MacBook, and MacBook Pro computers equipped with wireless. Other systems, including the Core 2 Duo versions are not affected. Apple said its security update addresses the issue by performing additional validation of wireless frames.
LMH is now engaged in a Month of Apple Bugs project. His two "Month-of" projects were inspired by the Month of Browser Bugs project launched by Metasploit Framework creator H.D. Moore in July.
In a recent interview conducted by email, LMH explained his motivation to disclose flaws in this manner.
"It's better to have someone disclosing your security flaws than having them known by the bad guys only," he responded. "This pushes the vendor to change its procedures and policies for vulnerability handling and disclosure. And that's where users benefit."
However, some security experts have criticized such disclosure projects as something designed more for press attention than better security.
|
