Apple releases AirPort Update 2006-001 and Security Update 2006-005

Apple today released AirPort Update 2006-001 which the company says in its notes “improves AirPort reliability on Macintosh computers.”

Installation note:
The Software Update utility will present the update that applies to your system configuration. Only one is needed, either AirPort Update 2006-001 or Security Update 2006-005.

For reference if installing from a manually-downloaded package:

AirPort Update 2006-001 will install on the following systems:
• Mac OS X v10.4.7 Builds 8J2135 or 8J2135a

Security Update 2006-005 will install on the following systems:
• Mac OS X v10.3.9
• Mac OS X Server v10.3.9
• Mac OS X v10.4.7 Builds 8J135, 8K1079, 8K1106, 8K1123, or 8K1124
• Mac OS X Server v10.4.7 Builds 8J135, 8K1079, 8K1106, 8K1123, or 8K1124

For Mac OS X 10.3.9 and Mac OS X Server 10.3.9 systems, if Software Update does not display Security Update 2006-005, the following updates need to be installed:
AirPort 4.2
AirPort Extreme Driver Update 2005-001

AirPort Update 2006-001 and Security Update 2006-005

AirPort
CVE-ID: CVE-2006-3507

Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.7, Mac OS X Server v10.4.7

Impact: Attackers on the wireless network may cause arbitrary code execution

Description: Two separate stack buffer overflows exist in the AirPort wireless driver’s handling of malformed frames. An attacker in local proximity may be able to trigger an overflow by injecting a maliciously-crafted frame into a wireless network. When the AirPort is on, this could lead to arbitrary code execution with system privileges. This issue affects Power Mac, PowerBook, iMac, Mac Pro, Xserve, and PowerPC-based Mac mini computers equipped with wireless. Intel-based Mac mini, MacBook, and MacBook Pro computers are not affected. There is no known exploit for this issue. This update addresses the issues by performing additional validation of wireless frames.

AirPort
CVE-ID: CVE-2006-3508

Available for: Mac OS X v10.4.7, Mac OS X Server v10.4.7

Impact: Attackers on the wireless network may cause system crashes, privilege elevation, or arbitrary code execution

Description: A heap buffer overflow exists in the AirPort wireless driver’s handling of scan cache updates. An attacker in local proximity may be able to trigger the overflow by injecting a maliciously-crafted frame into the wireless network. This could lead to a system crash, privilege elevation, or arbitrary code execution with system privileges. This issue affects Intel-based Mac mini, MacBook, and MacBook Pro computers equipped with wireless. Power Mac, PowerBook, iMac, Mac Pro, Xserve, and PowerPC-based Mac mini computers are not affected. This update addresses the issue by performing additional validation of wireless frames. There is no known exploit for this issue. This issue does not affect systems prior to Mac OS X v10.4.

AirPort
CVE-ID: CVE-2006-3509

Available for: Mac OS X v10.4.7, Mac OS X Server v10.4.7

Impact: Depending upon third-party wireless software in use, attackers on the wireless network may cause crashes or arbitrary code execution

Description: An integer overflow exists in the Airport wireless driver’s API for third-party wireless software. This could lead to a buffer overflow in such applications dependent upon API usage. No applications are known to be affected at this time. If an application is affected, then an attacker in local proximity may be able to trigger an overflow by injecting a maliciously-crafted frame into the wireless network. This may cause crashes or lead to arbitrary code execution with the privileges of the user running the application. This issue affects Intel-based Mac mini, MacBook, and MacBook Pro computers equipped with wireless. Power Mac, PowerBook, iMac, Mac Pro, Xserve, and PowerPC-based Mac mini computers are not affected. This update addresses the issues by performing additional validation of wireless frames. There is no known exploit for this issue. This issue does not affect systems prior to Mac OS X v10.4.

Additional info here.

AirPort Update 2006-001 and Security Update 2006-005 are available via Software Update and also as standalone installers (1.3MB) here.

Related MacDailyNews articles:
Apple: Airport fixes issues found via internal audit, not from SecureWorks – September 21, 2006
SecureWorks admits falsifying Apple MacBook ‘60-second wireless hijacking?’ – August 18, 2006
Re: Brian Krebs’ reporting on supposed MacBook Wi-Fi exploit – August 04, 2006
Hijacking an Apple Macbook in 60 seconds video posted online – August 03, 2006
Hijacking an Apple Macbook in 60 seconds – August 02, 2006

26 Comments

  1. Face, you are so right. It really does. I can’t wait to get home and spend my time using my Mac, instead of spending my time keeping it running like I do all day here at work keeping 10 networked PC’s from Wormploading.

    I’ll just get home, do another occaisonal Apple update, knowing they’re plugging the rare exploits that do come up BEFORE my Mac’s get hijakced like my PC’s do, have it go quick and seamlessly and get back to fun with my Macs and then it’ll be back to trouble shooting the PC’s in the morning.

  2. face said : “gosh, I am stuck on a windows machine at work right now and it SUCKS. I can’t stand these things.”

    ====

    i say, “gosh, I am stuck on a windows machine at work right now and it SUCKS. I can’t stand these things.”…I have less than 30 minutes left, before I head home to my Macbook!

  3. Just a little story I thought I’d share with ya’ll.
    I recently reinstalled my system(10.4 on a 1.5GHz pb) as some program that was supposed to clean up language files cleaned a bit too well.
    Anyhow, my airport extreme was set to wpa2 personal locked to my MAC address. After installing 10.4 I’m stuck with the situation that wpa2 support is included in an update to 10.4 and isn’t available on a freshly installed system, hence i can not connect to my airport and i can not go online and update manually as i have registered the MAC adress of the router with my isp. had to reset the router and do the setup all over again, major pain! Now i have all the updates on my linuxserver just in case ” width=”19″ height=”19″ alt=”smile” style=”border:0;” />

  4. The exploit the update describes is exactly the same thing the “hijacked MacBook” guys were claiming. Saying that Apple was leaning on them to not release more info doesn’t automatically make them liars. Looks like they just got validated. Shame on all who tore them a new one.

  5. Don., stop spreading the FUD! From the advisory itself:

    Apple has maintained that SecureWorks has provided no proof that Mac drivers are vulnerable in any way.

    “They did not supply us with any information to allow us to identify a specific problem, so we initiated an internal audit,” Apple spokesman, Anuj Nayar, told Macworld. “Today’s update preemptively strengthens our drivers against potential vulnerabilities, and while it addresses issues found internally by Apple, we are open to hearing from security researchers on how to improve security on the Mac.”

    MDN, you guys need to update the main article with this very important piece of information! This is serious, because the FUD pushers are going to go crazy like a cat on catnip on this one thinking they’re “right” when it actually confirms once again that SecureWorks provided absolutely zilch to Apple on the wireless security issue.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.