Apple today released AirPort Update 2006-001 which the company says in its notes “improves AirPort reliability on Macintosh computers.”
Installation note:
The Software Update utility will present the update that applies to your system configuration. Only one is needed, either AirPort Update 2006-001 or Security Update 2006-005.
For reference if installing from a manually-downloaded package:
AirPort Update 2006-001 will install on the following systems:
• Mac OS X v10.4.7 Builds 8J2135 or 8J2135a
Security Update 2006-005 will install on the following systems:
• Mac OS X v10.3.9
• Mac OS X Server v10.3.9
• Mac OS X v10.4.7 Builds 8J135, 8K1079, 8K1106, 8K1123, or 8K1124
• Mac OS X Server v10.4.7 Builds 8J135, 8K1079, 8K1106, 8K1123, or 8K1124
For Mac OS X 10.3.9 and Mac OS X Server 10.3.9 systems, if Software Update does not display Security Update 2006-005, the following updates need to be installed:
• AirPort 4.2
• AirPort Extreme Driver Update 2005-001
AirPort Update 2006-001 and Security Update 2006-005
• AirPort
CVE-ID: CVE-2006-3507
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.7, Mac OS X Server v10.4.7
Impact: Attackers on the wireless network may cause arbitrary code execution
Description: Two separate stack buffer overflows exist in the AirPort wireless driver’s handling of malformed frames. An attacker in local proximity may be able to trigger an overflow by injecting a maliciously-crafted frame into a wireless network. When the AirPort is on, this could lead to arbitrary code execution with system privileges. This issue affects Power Mac, PowerBook, iMac, Mac Pro, Xserve, and PowerPC-based Mac mini computers equipped with wireless. Intel-based Mac mini, MacBook, and MacBook Pro computers are not affected. There is no known exploit for this issue. This update addresses the issues by performing additional validation of wireless frames.
• AirPort
CVE-ID: CVE-2006-3508
Available for: Mac OS X v10.4.7, Mac OS X Server v10.4.7
Impact: Attackers on the wireless network may cause system crashes, privilege elevation, or arbitrary code execution
Description: A heap buffer overflow exists in the AirPort wireless driver’s handling of scan cache updates. An attacker in local proximity may be able to trigger the overflow by injecting a maliciously-crafted frame into the wireless network. This could lead to a system crash, privilege elevation, or arbitrary code execution with system privileges. This issue affects Intel-based Mac mini, MacBook, and MacBook Pro computers equipped with wireless. Power Mac, PowerBook, iMac, Mac Pro, Xserve, and PowerPC-based Mac mini computers are not affected. This update addresses the issue by performing additional validation of wireless frames. There is no known exploit for this issue. This issue does not affect systems prior to Mac OS X v10.4.
• AirPort
CVE-ID: CVE-2006-3509
Available for: Mac OS X v10.4.7, Mac OS X Server v10.4.7
Impact: Depending upon third-party wireless software in use, attackers on the wireless network may cause crashes or arbitrary code execution
Description: An integer overflow exists in the Airport wireless driver’s API for third-party wireless software. This could lead to a buffer overflow in such applications dependent upon API usage. No applications are known to be affected at this time. If an application is affected, then an attacker in local proximity may be able to trigger an overflow by injecting a maliciously-crafted frame into the wireless network. This may cause crashes or lead to arbitrary code execution with the privileges of the user running the application. This issue affects Intel-based Mac mini, MacBook, and MacBook Pro computers equipped with wireless. Power Mac, PowerBook, iMac, Mac Pro, Xserve, and PowerPC-based Mac mini computers are not affected. This update addresses the issues by performing additional validation of wireless frames. There is no known exploit for this issue. This issue does not affect systems prior to Mac OS X v10.4.
Additional info here.
AirPort Update 2006-001 and Security Update 2006-005 are available via Software Update and also as standalone installers (1.3MB) here.
Related MacDailyNews articles:
Apple: Airport fixes issues found via internal audit, not from SecureWorks – September 21, 2006
SecureWorks admits falsifying Apple MacBook ‘60-second wireless hijacking?’ – August 18, 2006
Re: Brian Krebs’ reporting on supposed MacBook Wi-Fi exploit – August 04, 2006
Hijacking an Apple Macbook in 60 seconds video posted online – August 03, 2006
Hijacking an Apple Macbook in 60 seconds – August 02, 2006
Thank you!!!!!!!!
gosh, I am stuck on a windows machine at work right now and it SUCKS. I can’t stand these things.
Face, you are so right. It really does. I can’t wait to get home and spend my time using my Mac, instead of spending my time keeping it running like I do all day here at work keeping 10 networked PC’s from Wormploading.
I’ll just get home, do another occaisonal Apple update, knowing they’re plugging the rare exploits that do come up BEFORE my Mac’s get hijakced like my PC’s do, have it go quick and seamlessly and get back to fun with my Macs and then it’ll be back to trouble shooting the PC’s in the morning.
The fan in my iMac PowerPC G5 2.1 GHz came full on when I restarted after this installation, but a second restart fixed that. OK otherwise.
face said : “gosh, I am stuck on a windows machine at work right now and it SUCKS. I can’t stand these things.”
====
i say, “gosh, I am stuck on a windows machine at work right now and it SUCKS. I can’t stand these things.”…I have less than 30 minutes left, before I head home to my Macbook!
Just a little story I thought I’d share with ya’ll.
” width=”19″ height=”19″ alt=”smile” style=”border:0;” />
I recently reinstalled my system(10.4 on a 1.5GHz pb) as some program that was supposed to clean up language files cleaned a bit too well.
Anyhow, my airport extreme was set to wpa2 personal locked to my MAC address. After installing 10.4 I’m stuck with the situation that wpa2 support is included in an update to 10.4 and isn’t available on a freshly installed system, hence i can not connect to my airport and i can not go online and update manually as i have registered the MAC adress of the router with my isp. had to reset the router and do the setup all over again, major pain! Now i have all the updates on my linuxserver just in case
Not to inject any FUD into this discussion… but does this AirPort/security update have anything to do with the “hijacked MacBook” at the Black Hat conference?
I wonder if this update improves video streaming or adds other features to itunes / airtunes. any thoughts?
The exploit the update describes is exactly the same thing the “hijacked MacBook” guys were claiming. Saying that Apple was leaning on them to not release more info doesn’t automatically make them liars. Looks like they just got validated. Shame on all who tore them a new one.
Don., stop spreading the FUD! From the advisory itself:
Apple has maintained that SecureWorks has provided no proof that Mac drivers are vulnerable in any way.
“They did not supply us with any information to allow us to identify a specific problem, so we initiated an internal audit,” Apple spokesman, Anuj Nayar, told Macworld. “Today’s update preemptively strengthens our drivers against potential vulnerabilities, and while it addresses issues found internally by Apple, we are open to hearing from security researchers on how to improve security on the Mac.”
MDN, you guys need to update the main article with this very important piece of information! This is serious, because the FUD pushers are going to go crazy like a cat on catnip on this one thinking they’re “right” when it actually confirms once again that SecureWorks provided absolutely zilch to Apple on the wireless security issue.
Hate to say I told you so
but does this AirPort/security update have anything to do with the “hijacked MacBook” at the Black Hat conference?
Yes it does.
http://news.com.com/2100-1002_3-6118245.html?part=rss&tag=6118245&subj=news
Apple should be doing more testing of it’s software, they are not out of the woods quite yet.
The new iTunes 7 for instance, the boyz are having fun with that right now. Still can’t get root access though, except through another program that does.
I wish Apple would employ more compartmentalized security.
Does one password and key card get you access to the entire Pentagon? Of course not.
Here’s some good info
http://www.macgeekery.com/tips/security/basic_mac_os_x_security
Guess John Gruber owes those Black Hat hackers a apology.
Wrong!
Stop trying to obfuscate the issue. Apple, once again, explicitly has said that SecureWorks failed to provide any information on their so-called exploit.
Apple, however, was concerned enough to initiate an internal audit and discovered 3 vulnerabilities not related to the one the SecureWorks claimed it found.
It’s like SecureWorks claimed it can break into a house because it found one of the windows unlocked. Apple (the homeowner) checks all the windows and finds their are locked, but in the process discovered the lock on the back door is broken. Is that so hard to understand?
Apparently, for SecureWorks fanboys who think no information = proof, it apparently is. John Gruber owes nobody anything, especially since this proves that SecureWorks is still not acting like a security company should.
From the very News.com article that l33th@xx0z hasn’t read himself:
“In a statement released after Black Hat in August, Apple critiqued SecureWorks for saying Macs were insecure. “Despite SecureWorks being quoted saying the Mac is threatened, they have provided no evidence that it is,” a company representative said at the time.
But Apple’s security patches are not related to the Black Hat presentation, a company representative told CNET News.com on Thursday. Instead, the company itself hunted for bugs in its wireless software and uncovered the vulnerabilities, the representative said.”
Also, it should be noted that John Gruber never claimed Apple’s wireless protocols were invulnerable. What John Gruber showed was SecureWorks’ claim was full of BS. It apparently strains the nerve cell of SecureWorks fanboys to see the difference between these two statements, but the two are very different things.
Ironically, the only people claiming Apple’s security is invulnerable are SecureWorks fanboys, who need to invent the claim in order to “prove Apple wrong.” Hello! Apple never claimed – ever – that its security was foolproof, just that SecureWorks was full of BS.
To date, SecureWorks still has been unable to specify the vulnerability. Meanwhile, in the time that SecureWorks has been “suppressed by Apple legal,” Apple somehow manages to find 3 unrelated vulnerabilities on its own and patches them.
Yeah, SecureWorks: “We can’t even demonstrate our own security finds!”
Guess John Gruber owes those Black Hat hackers a apology.
Gruber owes the hackers precisely jack s–t. The hackers are lying sacks of crap and Apple’s internal audit changes that not one bit. Oh, and if the hackers disagree with me, they are always free to take Gruber up on his challenge and prove him wrong.
Dear NewType and LordRobin,
What we have here is a classic case of misinformation.
Fact is Apple DID issue a security update that DOES FIX wireless exploit(s) in Apple hardware/software.
What do you think a “black hat” is anyway? Be glad they wanted to piss you off or nobody would have known.
Have either of you worked for Apple security channels? Then you’ll know they want YOU to find the bugs.
Apple is notoriously lazy when it comes to checking their code.
For instance the launchd exploit, a malformed line of code that left all 10.4-10.4.6 Mac’s completely vunerable. Could have been easily caught if code checking software was used before release.
Here again is a update for wireless software, because APPLE DID A INTERNAL AUDIT.
Now why didn’t Apple do this BEFORE RELEASING THE CODE?
SecureWorks did the right thing, they forced Apple to do their own work..
Kudo’s to SecureWorks!!
l33th@xx0rz,
Oh please. Spare us the trouble of moving the goalposts. While it is always good whenever security holes are patched, to give credit to SecureWorks for today’s patch is nothing but plain ol’ obfuscation.
The fact of the matter is, despite announcing they had discovered a hole, SecureWorks actively denied giving Apple the information to patch that so-called hole. Instead, they spent more than a month making vague insinuations about Apple legal while doing everything possible not to give any information to Apple. This is not the behavior of a responsible security company.
In the process, Apple did manage to find 3 vulnerabilities that were not related to the hole that SecureWorks claimed to find. This does nothing to alter the fact SecureWorks has yet to show exactly what was behind its original claim of vulnerability.
Secondly, for all the misdirection you are attempting, your argument holds water only if you believe Mac OS X to be invulnerable. Apple never claimed its wireless protocols were invulnerable. Apple publically asked, on multiple occasions, for SecureWorks to share its discover, which it turns out SecureWorks still has never done.
In the meantime, Apple did what any responsible company should do, which was to investigate and patch new vulnerabilities it discovered. Today’s patches were definitely not the first nor will they be the last. Apple is the one that did the right thing here, so stop making it seem like SecureWorks is the good guy when, contrary to what security researchers are supposed to do, they have utterly failed to share their discoveries with the community at large.
And no, a videotaped so-called demonstration is not “sharing.”
Don’t make us laugh with any more of piss poor misdirection, l33th@xx0rz.
l33th@xx0rz is smoking that funny weed again.
NewType.. there’s no reasoning with fanbois….. but the good thing is.. no one pays attention to them either.
By the way, according to l33th@xx0rz’s logic, any Black Hat attendee can say, “Hey, I found a vulnerability is Mac OS X!” and the next time Apple releases a series of patches, they would rightly be able to claim credit for “making Apple aware of security issues in OS X.”
Yeah, right.
NewType: I see the distinction, you are right. This is a separate issue… though it is related. I should have waited a bit longer before telling others to wait a bit longer before they judge.
” width=”19″ height=”19″ alt=”wink” style=”border:0;” />
Or to paraphrase MDN at the time of the initial report of vulnerabilities:
“Let the Windows infidels bask in their illusion”
“I triple guarantee you, there are no Wireless Vulnerabilities in Mac OS X.”
One point all you guys seem to have missed is that Apple has emphatically claimed that “There is no known exploit for this issue.” Now if the claimed exploit by the so-called black hats (more like muddy brown hats to me) was indeed one of these then Apple would have just breached all sorts of laws with false declarations etc.
Also, seeing as how these incompetent black hats also passed up the opportunity of winning a couple of MacBooks (as offered) for what was supposed to be 60 seconds work, AND DID NOT EVEN TRY, then clearly they are the fakes.
Sheesh !!!!
I like eggs and updates!
The update failed to shut down my Core Duo properly and it required a hard reset to get it shut down. Then it booted with no Dock, etc. A second reboot got things back to normal. It may not happen to you, but be prepared.
In the process, Apple did manage to find 3 vulnerabilities that were not related to the hole that SecureWorks claimed to find. This does nothing to alter the fact SecureWorks has yet to show exactly what was behind its original claim of vulnerability.
Any fool now knows the SecureWorks Black Hat demo was a deception.
And one can’t beleive everything they read online is the whole and complete truth.
Also, seeing as how these incompetent black hats also passed up the opportunity of winning a couple of MacBooks (as offered) for what was supposed to be 60 seconds work, AND DID NOT EVEN TRY, then clearly they are the fakes.
Maybe they didn’t want the MacBooks.
Maybe John Gruber lived too far away to even bother.
Maybe the hackers were busy making millions of dollars spewing spam from their PC botnets.
Doesn’t mean they were fakes.