updated 05:20 pm EDT, Fri August 18, 2006
Wi-Fi MacBook hack
Security researchers who appeared to demonstrate vulnerabilities in wireless device drivers earlier this month using a MacBook now admit that the laptop was in fact exploited using a third-party wireless device driver, not Apple's own default software. "This video presentation at Black Hat demonstrates vulnerabilities found in wireless device drivers," reads a disclaimer on the SecureWorks website. "Although an Apple MacBook was used as the demo platform, it was exploited through a third-party wireless device driver -- not the original wireless device driver that ships with the MacBook. As part of a responsible disclosure policy, we are not disclosing the name of the third-party wireless device driver until a patch is available." A responsible demonstration policy forbids the installation of flawed drivers to make a point, according to InformationWeek.
Apple responded to the disclaimer, acknowledging the admission as proof that its systems are not vulnerable as they were made to appear during the conference.
"Despite SecureWorks being quoted saying the Mac is threatened by the exploit demonstrated at Black Hat, they have provided no evidence that in fact it is," said Apple spokesperson Lynn Fox. "To the contrary, the SecureWorks demonstration used a third party USB 802.11 device [...] not the 802.11 hardware in the Mac [...] a device which uses a different chip and different software drivers than those on the Mac."
"To date, SecureWorks has not shared or demonstrated any code in relation to the Black Hat-demonstrated exploit that is relevant to the hardware and software that we ship."