Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > Hardware - Troubleshooting and Discussion > Mac Notebooks > Macbook hack and Airport updates.

Macbook hack and Airport updates.
Thread Tools
P
Moderator
Join Date: Apr 2000
Location: Gothenburg, Sweden
Status: Offline
Reply With Quote
Sep 21, 2006, 05:17 PM
 
The Macnn frontpage has a note about Apple updating the Airport drivers to fix a buffer overflow situation. Could it be that the Macbook hack was true after all?

And also: Isn't Apple using the NX bit? WTF?
     
mduell
Posting Junkie
Join Date: Oct 2005
Location: Houston, TX
Status: Offline
Reply With Quote
Sep 21, 2006, 07:35 PM
 
Originally Posted by P
Could it be that the Macbook hack was true after all?
It seems like the answer is yes:

Impact: Attackers on the wireless network may cause system crashes, privilege elevation, or arbitrary code execution

Description: A heap buffer overflow exists in the AirPort wireless driver's handling of scan cache updates. An attacker in local proximity may be able to trigger the overflow by injecting a maliciously-crafted frame into the wireless network. This could lead to a system crash, privilege elevation, or arbitrary code execution with system privileges. This issue affects Intel-based Mac mini, MacBook, and MacBook Pro computers equipped with wireless. Power Mac, PowerBook, iMac, Mac Pro, Xserve, and PowerPC-based Mac mini computers are not affected. This update addresses the issue by performing additional validation of wireless frames.


But:

There is no known exploit for this issue.

Is Apple burying their head in the sand?
     
quiklee
Senior User
Join Date: Oct 2005
Location: Los Angeles
Status: Offline
Reply With Quote
Sep 21, 2006, 07:40 PM
 
I KNEW IT . . . i knew it had to be a wireless issue . . . damn apple and their pride!
I am part of Lakers Nation and love to buy Used Golf Clubs
     
b11051973
Forum Regular
Join Date: Feb 2003
Status: Offline
Reply With Quote
Sep 21, 2006, 08:08 PM
 
Wasn't this thing more a WiFi problem than Apple? Like all laptops that used that WiFi chipset were open to the attack. It's just that it was proved using a MacBook.
     
mkbhatia
Administrator
Join Date: Dec 1998
Status: Offline
Reply With Quote
Sep 21, 2006, 08:57 PM
 
I've updated the article:

"Apple said the issues found were the result of an internal audit of the software drivers and that no known exploits exist for the issues addressed in this update.

The internal audit came as a result of claims by a senior researcher at SecureWorks that said he had revealed a vulnerability in Apple’s MacBook wireless software driver that would allow him to take control of the machine. SecureWorks later clarified its position and said it had used a third-party driver and not Apple’s driver.

Apple has maintained that SecureWorks has provided no proof that Mac drivers are vulnerable in any way.

m.
     
   
Thread Tools
 
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Top
Privacy Policy
All times are GMT -4. The time now is 10:35 PM.
All contents of these forums © 1995-2017 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.8 © 2000-2017, Jelsoft Enterprises Ltd.,