Flaw discovered in older Apple Airport drivers

“Kicking off a ‘month of kernel bugs,’ a security researcher has released attack code that he claims exploits a new security hole in wireless software from Apple Computer,” Joris Evers reports for CNET News.

“The vulnerability lies in the Apple AirPort driver, according to details on the flaw published by H.D. Moore, the developer of the Metasploit security tool. It affects only the AirPort driver provided with wireless cards shipped between 1999 and 2003 with PowerBooks and iMacs, the posting said,” Evers reports.

Evers reports, “To launch an attempt, the hacker would have to be on the same wireless network as a vulnerable Mac. The attack entails trying to trigger a memory corruption flaw by sending a malformed data packet to the computer, according to Moore’s advisory. But the process isn’t easy, and Moore hasn’t yet been able to gain complete control over a vulnerable Mac, he wrote in an e-mail to CNET News.com.”

Evers reports, “Apple is investigating the flaw, Lynn Fox, a spokeswoman for the Mac maker, said in a statement sent via e-mail. ‘This issue affects a small percentage of previous generation AirPort-enabled Macs and does not affect currently shipping or AirPort Extreme enabled Macs,’ she said.”

Full article here.

MacDailyNews Note: This “attack code” does not affect Apple’s “AirPort Extreme” (802.11g) 54 Mbps wireless networking protocol. It affects Apple’s older “AirPort” (802.11b) 11 Mbps protocol driver for wireless cards shipped between 1999 and 2003.

28 Comments

  1. THIS IS IMPOSSIBLE, MACS ARE IMPERVIOUS TO ATTACK! OS X IS INHERENTLY SECURE, COME ON MAC ZEALOTS, TELL US HOW THIS ISNT NEWS! The arrogance and snide remarks constantly posted on sites like this are why Macs are becoming a big fat target. You asked for it. Flame away.

  2. Funny though that no reports of any incidents have yet to surface concerning any flaws or holes in the Mac OS.
    There are no reports floating about because there are none. All this jibberjabber from these know it alls yet in my 22 years of Mac use I have yet to hear of any breaches, infections and the like of any kind.

  3. “THIS IS IMPOSSIBLE, MACS ARE IMPERVIOUS TO ATTACK! OS X IS INHERENTLY SECURE, COME ON MAC ZEALOTS, TELL US HOW THIS ISNT NEWS! The arrogance and snide remarks constantly posted on sites like this are why Macs are becoming a big fat target. You asked for it. Flame away.”

    1999-2003 indicates OS 9 and 10.0 to 10.2. Panther was securer, then Tiger was (debatably).

  4. So this “flaw” has been out there since 1999 and no one has reported it being exploited, until now (in a lab environment), when the hardware is essentially obsolete (since 2003). And the hack is only partially successful in gaining access. And the hacker has to be on the same wireless network as the victim. And… Gee, I’m trembling with fear…

  5. Gee, Yup, when ZERO Macs have been affected, you define it as a “Big Fat Target”?
    Dang! You musta learnt sum dat newfangled “new math” I’ve been reading about! ‘Doze sycophants can only DREAM about an “exploit” in which it took 6 years to be “unable to gain complete control over a vulnerable Mac”.
    Dude, your reading comprehesion skills need honing, so until you sharpen up a bit, spare yourself further public embarrassment and crawl back under your bridge.

  6. Security is inherent to unix operating systems, Mac OS X included.

    The design of unix operating systems is predicated on a multiuser, networked and permissions based environment. They are inherently more secure than Windows-based operating systems and proven to be so in every level of usage.

    From day one, unix operating systems have had these things in mind.

    Contrast that to the Windows operating systems, all of which have had these things tacked on years into their development, as a grudging, hamfisted afterthought.

    :shrug:

    No amount of Microsoft apologizing can deny that.

  7. HEHAHAHAHHAHAHH

    Thanks you. Was a good laugh. Are you serious? Can’t be, right? No one can be THAT desperately seeking for vulnerability on Mac OS X so to be able to say the nonsense you posted. You must be joking, or you must be stupid. In both cases you make for a good LAUGH!

  8. “To launch an attempt, the hacker would have to be on the same wireless network as a vulnerable Mac… But the process isn’t easy, and Moore hasn’t yet been able to gain complete control over a vulnerable Mac”

    This is news?

  9. Well ‘yup’, you ARE right. Macs have been a big fat juicy target for along time.

    But you know what?

    All the attackers do is chip around the edges, make proof of concepts, generate a LOT of noise from MS acolytes like yourself, and then what?

    Nothing. Absolutely nothing. It all dies down and in 6 months time we’ll see the same thing happening.

    Apple will fix this now in any event and that’ll be the end of it.

    Call me smug if you want to. But I have the evidence of years of happy bug free computing behind. Which you wouldn’t even understand for one minute…poof, there’s another in Windows, ping, and another. You’ve probably got some Romanian mafia gang sending spam email from your Windows PC as you posted..!

    Rant rant rant..be quiet Macaday and do some work..

    ” width=”19″ height=”19″ alt=”zipper” style=”border:0;” />

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.