When security researchers David Maynor and Jon "Johnny Cache" Ellch used a MacBook to show how attackers could target wireless cards to hijack laptops during last month's Black Hat conference in Las Vegas, Apple Computer Inc. refuted their claims.
While the Mac used in the demonstration was fitted with a third-party wireless card -- and Maynor and Ellch went out of their way to note that the threat wasn't limited to Apple products -- the Cupertino, Calif.-based company criticized the researchers for using a MacBook and suggesting the machines were in immediate danger of attack. Nevertheless, the demonstration prompted Apple to conduct its own search for wireless glitches.
That search uncovered three flaws Apple addressed in a security update released late Thursday. The update addresses vulnerabilities attackers could exploit to cause a denial of service or run malicious code, resulting in the full takeover of a Mac machine.
While Apple conducted its investigation in response to the Black Hat presentation, the flaws fixed Thursday are unrelated to what Maynor and Ellch demonstrated, Apple spokesman Anuj Nayar said. "This was the result of an internal audit," he said.
The first problem, Apple explained, is that two separate stack buffer overflows exist in the AirPort wireless driver's handling of malformed frames. "An attacker in local proximity may be able to trigger an overflow by injecting a maliciously-crafted frame into a wireless network," Apple said. "When the AirPort is on, this could lead to arbitrary code execution with system privileges."
The problem affects Power Mac, PowerBook, iBook, iMac, Mac Pro, Xserve, and PowerPC-based Mac mini computers equipped with wireless functionality. However, the Intel-based Mac mini, MacBook, and MacBook Pro computers are not affected.
The second problem is a heap buffer overflow in the AirPort wireless driver's handling of scan cache updates. The issue could be exploited in a similar fashion and affects Intel-based Mac mini, MacBook, and MacBook Pro computers equipped with wireless cards. Power Mac, PowerBook, iBook, iMac, Mac Pro, Xserve, and PowerPC-based Mac mini computers are not affected.
The third problem is an integer overflow in the Airport wireless driver's API for third-party wireless software. "This could lead to a buffer overflow in such applications dependent upon API usage," Apple said. The issue affects Intel-based Mac mini, MacBook, and MacBook Pro computers with wireless functionality. Power Mac, PowerBook, iBook, iMac, Mac Pro, Xserve, and PowerPC-based Mac mini computers are not affected.