toggle

AAPL Stock: 119 ( + 1.4 )

Printed from http://www.macnn.com

Apple offers AirPort, Security updates

updated 04:45 pm EDT, Thu September 21, 2006

Apple updates AirPort

Apple today released an AirPort update and Mac OS X Security Update 2006-005 for both Panther and Tiger (Tiger PPC-only also available) systems. Both the AirPort and Mac OS X security update address a reliability problem that occurs on a limited number of MacBook Pro systems as well as address security issues for two separate stack buffer overflows in the AirPort wireless driver that affects Mac OS X 10.3.9 or later, a heap buffer overflow that affects Mac OS X 10.4.7 PPC in the AirPort wireless driver, and an integer overflow that affects Mac OS X 10.4.6 Universal in the AirPort wireless driver's API for third-party wireless software. Potential effects of malicious users abusing these security issues range from system crashes to arbitrary code execution. Users can retrieve the update using Apple's built-in Software Update feature, or via Apple's website. [updated]

Speaking directly to the unsubstantiated claims of vulnerabilities in Apple wireless drivers, Apple told Macworld.com that issues found were "the result of an internal audit of the software drivers and that no known exploits exist for the issues addressed in this update."

The publication notes that the internal audit came as a result of claims by a senior researcher at SecureWorks, who initially claimed a vulnerability in Apple's MacBook wireless software driver that would allow him to take control of the machine. After inquiries by Apple and the public, SecureWorks revised its claims, saying it had used a third-party driver to exploit a MacBook. Since then, Apple has said that SecureWorks has not provided any evidence of wireless vulnerabilities in Apple's software.

The security audit, however, revealed separate wireless security flaws: the first AirPort security issue consists of two separate stack buffer overflows that exist in the AirPort wireless driver's handling of malformed frames. An attacker in local proximity may be able to trigger an overflow by injecting a maliciously-crafted frame into a wireless network, according to Apple. When the AirPort is on, this could lead to arbitrary code execution with system privileges. The issue affects Power Mac, PowerBook, iMac, Mac Pro, Xserve, and PowerPC-based Mac mini computers equipped with wireless. Intel-based Mac mini, MacBook, and MacBook Pro computers are not affected, and there is no known exploit for this issue. The update addresses these issues by performing additional validation of wireless frames.

The second security issue involves a heap buffer overflow that exists in the AirPort wireless driver's handling of scan cache updates. An attacker in local proximity could trigger the overflow by injecting a maliciously-crafted frame into the wireless network, which could lead to a system crash, privilege elevation, or arbitrary code execution with system privileges. The issue affects Intel-based Mac mini, MacBook, and MacBook Pro computers equipped with wireless. Power Mac, PowerBook, iMac, Mac Pro, Xserve, and PowerPC-based Mac mini computers are not affected, and there is no known exploit for this issue. This update addresses the issue by performing additional validation of wireless frames. The issue does not affect systems prior to Mac OS X 10.4.

The final security concern stems from an integer overflow that exists in the Airport wireless driver's API for third-party wireless software. This could lead to a buffer overflow in such applications dependent upon API usage, but no applications are known to be affected at this time, according to Apple. If an application is affected, then an attacker in local proximity may be able to trigger an overflow by injecting a maliciously-crafted frame into the wireless network. This may cause crashes or lead to arbitrary code execution with the privileges of the user running the application.

Apple aid the issue affects Intel-based Mac mini, MacBook, and MacBook Pro computers equipped with wireless. Power Mac, PowerBook, iMac, Mac Pro, Xserve, and PowerPC-based Mac mini computers are not affected. This update addresses the issues by performing additional validation of wireless frames, and there is no known exploit for the issue. This issue does not affect systems prior to Mac OS X 10.4, according to Apple documentation.




by MacNN Staff

POST TOOLS:

TAGS :

toggle

Comments

  1. Ikon

    Joined: Dec 1969

    0

    update?

    If I only could update :-( The updater refuses to run on my system.

  1. jimothy

    Joined: Dec 1969

    0

    Secureworks

    On the one hand, this makes it look like maybe the Secureworks guys (those of the infamous hack-a-macbook-in-60-seconds video) might not be full of shtuff after all. On the other hand, if Apple is telling the truth that no known exploits exist, maybe not.

    Still, the timing is interesting.

  1. Rosyna

    Joined: Dec 1969

    0

    code audit

    As opposed to the fact the two hosers never contacted apple so apple audited to code looking for all crasher bugs? ie, those two trolls never found anything at all, but apple wanted to triple check.

    If they had found something, all their excuses for hiding it now go out the window.

  1. Rosyna

    Joined: Dec 1969

    0

    yup, internal audit

    http://www.macworld.com/news/2006/09/21/wireless/index.php

  1. Farranco

    Joined: Dec 1969

    0

    Internal Audit

    It might have been an internal audit and Maynor and Ellch might or might have not shared code and information with Apple. But the exploit is exactly what they demonstrated at the conference. I wasn't there and I don't know who said what and to whom; but I am sure there will now be a whole new round of discussion since the security update is out by the end will know even less than what we know now, which is less than what we knew then.

  1. LouZer

    Joined: Dec 1969

    0

    exploits

    regarding known exploits, that's a tricky proposition, as it isn't a question of whether there are exploits, just whether anyone knows about them. (And some might argue that the demo those guys did wasn't technically an exploit of their driver, so it doesn't count, regardless of whether its an exploit of most wireless drivers).

    But, of course, if an exploit is released tomorrow, all Mac users will just say "Yeah, but a patch was released, so its a non-story!", regardless of the fact that most security exploits, esp. in the windows world, are also after-the-fact exploits. Yet windows gets blasted everytime someone comes out with an attack on some year-old buffer overflow problem.

  1. rwahrens1952

    Joined: Dec 1969

    0

    re: exploits

    No, these exploits are NOT the same that Mayner claimed. Maynor claimed an exploit that was based upon timing packets, these involve heap, stack and integer overflows.

    There were several vulnerabilities found in BSD earlier in the year, that Apple determined were not anything that affected Apple systems. Also not the same.

    Maynor & co. did NOT share any code with Apple, so I doubt that they really had anything besides knowledge of a vulnerability.

    And usually, if Microsoft gets slammed for anything, its an exploit that they get hit with BEFORE they either issue a patch or get notified that it exists. Apple is usually quick about issuing patches for things security researchers contact them about and provide code for. They're also pretty good about crediting the researchers involved, too.

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

IDrive cloud backup and sync service

There are a lot of cloud services out there, and nearly all of them can be used for backing up key files and folders. A few dedicated ...

Plantronics BackBeat Pro Bluetooth headphones

Looking for a pair of headphones that can do everything a user requires is a task that can take some study. Trying to decide on in-ear ...

MaxUpgrades 512GB Retina MacBook Pro SSD

Apple's Retina line of MacBook Pro notebooks have been impressive, right from their debut in 2012. Thinner than the previous model, t ...

toggle

Most Commented