 |
 |
Macbook hack and Airport updates.
|
|
|
|
|
Moderator  Join Date: Apr 2000
Location: Gothenburg, Sweden
Status:
Offline
|
|
The Macnn frontpage has a note about Apple updating the Airport drivers to fix a buffer overflow situation. Could it be that the Macbook hack was true after all?
And also: Isn't Apple using the NX bit? WTF?
|
|
|
| |
|
|
|
|
|
|
|
Posting Junkie
Join Date: Oct 2005
Location: Houston, TX
Status:
Offline
|
|
Originally Posted by P
Could it be that the Macbook hack was true after all?
It seems like the answer is yes:
Impact: Attackers on the wireless network may cause system crashes, privilege elevation, or arbitrary code execution
Description: A heap buffer overflow exists in the AirPort wireless driver's handling of scan cache updates. An attacker in local proximity may be able to trigger the overflow by injecting a maliciously-crafted frame into the wireless network. This could lead to a system crash, privilege elevation, or arbitrary code execution with system privileges. This issue affects Intel-based Mac mini, MacBook, and MacBook Pro computers equipped with wireless. Power Mac, PowerBook, iMac, Mac Pro, Xserve, and PowerPC-based Mac mini computers are not affected. This update addresses the issue by performing additional validation of wireless frames.
But:
There is no known exploit for this issue.
Is Apple burying their head in the sand?
|
|
|
| |
|
|
|
|
|
|
|
Senior User
Join Date: Oct 2005
Location: Los Angeles
Status:
Offline
|
|
I KNEW IT . . . i knew it had to be a wireless issue . . . damn apple and their pride!
|
|
|
| |
|
|
|
|
|
|
|
Forum Regular
Join Date: Feb 2003
Status:
Offline
|
|
Wasn't this thing more a WiFi problem than Apple? Like all laptops that used that WiFi chipset were open to the attack. It's just that it was proved using a MacBook.
|
|
|
| |
|
|
|
|
|
|
|
Administrator  Join Date: Dec 1998
Status:
Offline
|
|
I've updated the article:
"Apple said the issues found were the result of an internal audit of the software drivers and that no known exploits exist for the issues addressed in this update.
The internal audit came as a result of claims by a senior researcher at SecureWorks that said he had revealed a vulnerability in Apple’s MacBook wireless software driver that would allow him to take control of the machine. SecureWorks later clarified its position and said it had used a third-party driver and not Apple’s driver.
Apple has maintained that SecureWorks has provided no proof that Mac drivers are vulnerable in any way.
m.
|
|
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
 
|
|
|
Forum Rules
|
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|
Top
