“Kicking off a ‘month of kernel bugs,’ a security researcher has released attack code that he claims exploits a new security hole in wireless software from Apple Computer,” Joris Evers reports for CNET News.
“The vulnerability lies in the Apple AirPort driver, according to details on the flaw published by H.D. Moore, the developer of the Metasploit security tool. It affects only the AirPort driver provided with wireless cards shipped between 1999 and 2003 with PowerBooks and iMacs, the posting said,” Evers reports.
Evers reports, “To launch an attempt, the hacker would have to be on the same wireless network as a vulnerable Mac. The attack entails trying to trigger a memory corruption flaw by sending a malformed data packet to the computer, according to Moore’s advisory. But the process isn’t easy, and Moore hasn’t yet been able to gain complete control over a vulnerable Mac, he wrote in an e-mail to CNET News.com.”
Evers reports, “Apple is investigating the flaw, Lynn Fox, a spokeswoman for the Mac maker, said in a statement sent via e-mail. ‘This issue affects a small percentage of previous generation AirPort-enabled Macs and does not affect currently shipping or AirPort Extreme enabled Macs,’ she said.”
Full article here.
MacDailyNews Note: This “attack code” does not affect Apple’s “AirPort Extreme” (802.11g) 54 Mbps wireless networking protocol. It affects Apple’s older “AirPort” (802.11b) 11 Mbps protocol driver for wireless cards shipped between 1999 and 2003.