Flaw discovered in older Apple Airport drivers

“Kicking off a ‘month of kernel bugs,’ a security researcher has released attack code that he claims exploits a new security hole in wireless software from Apple Computer,” Joris Evers reports for CNET News.

“The vulnerability lies in the Apple AirPort driver, according to details on the flaw published by H.D. Moore, the developer of the Metasploit security tool. It affects only the AirPort driver provided with wireless cards shipped between 1999 and 2003 with PowerBooks and iMacs, the posting said,” Evers reports.

Evers reports, “To launch an attempt, the hacker would have to be on the same wireless network as a vulnerable Mac. The attack entails trying to trigger a memory corruption flaw by sending a malformed data packet to the computer, according to Moore’s advisory. But the process isn’t easy, and Moore hasn’t yet been able to gain complete control over a vulnerable Mac, he wrote in an e-mail to CNET News.com.”

Evers reports, “Apple is investigating the flaw, Lynn Fox, a spokeswoman for the Mac maker, said in a statement sent via e-mail. ‘This issue affects a small percentage of previous generation AirPort-enabled Macs and does not affect currently shipping or AirPort Extreme enabled Macs,’ she said.”

Full article here.

MacDailyNews Note: This “attack code” does not affect Apple’s “AirPort Extreme” (802.11g) 54 Mbps wireless networking protocol. It affects Apple’s older “AirPort” (802.11b) 11 Mbps protocol driver for wireless cards shipped between 1999 and 2003.

28 Comments

  1. THIS IS IMPOSSIBLE, MACS ARE IMPERVIOUS TO ATTACK! OS X IS INHERENTLY SECURE, COME ON MAC ZEALOTS, TELL US HOW THIS ISNT NEWS! The arrogance and snide remarks constantly posted on sites like this are why Macs are becoming a big fat target. You asked for it. Flame away.

  2. Funny though that no reports of any incidents have yet to surface concerning any flaws or holes in the Mac OS.
    There are no reports floating about because there are none. All this jibberjabber from these know it alls yet in my 22 years of Mac use I have yet to hear of any breaches, infections and the like of any kind.

  3. “THIS IS IMPOSSIBLE, MACS ARE IMPERVIOUS TO ATTACK! OS X IS INHERENTLY SECURE, COME ON MAC ZEALOTS, TELL US HOW THIS ISNT NEWS! The arrogance and snide remarks constantly posted on sites like this are why Macs are becoming a big fat target. You asked for it. Flame away.”

    1999-2003 indicates OS 9 and 10.0 to 10.2. Panther was securer, then Tiger was (debatably).

  4. So this “flaw” has been out there since 1999 and no one has reported it being exploited, until now (in a lab environment), when the hardware is essentially obsolete (since 2003). And the hack is only partially successful in gaining access. And the hacker has to be on the same wireless network as the victim. And… Gee, I’m trembling with fear…

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.