Apple updates AirPort

Apple today released an AirPort update and Mac OS X Security Update 2006-005 for both Panther and Tiger (Tiger PPC-only also available) systems. Both the AirPort and Mac OS X security update address a reliability problem that occurs on a limited number of MacBook Pro systems as well as address security issues for two separate stack buffer overflows in the AirPort wireless driver that affects Mac OS X 10.3.9 or later, a heap buffer overflow that affects Mac OS X 10.4.7 PPC in the AirPort wireless driver, and an integer overflow that affects Mac OS X 10.4.6 Universal in the AirPort wireless driver's API for third-party wireless software. Potential effects of malicious users abusing these security issues range from system crashes to arbitrary code execution. Users can retrieve the update using Apple's built-in Software Update feature, or via Apple's website. [updated]

Speaking directly to the unsubstantiated claims of vulnerabilities in Apple wireless drivers, Apple told Macworld.com that issues found were "the result of an internal audit of the software drivers and that no known exploits exist for the issues addressed in this update."

The publication notes that the internal audit came as a result of claims by a senior researcher at SecureWorks, who initially claimed a vulnerability in Apple's MacBook wireless software driver that would allow him to take control of the machine. After inquiries by Apple and the public, SecureWorks revised its claims, saying it had used a third-party driver to exploit a MacBook. Since then, Apple has said that SecureWorks has not provided any evidence of wireless vulnerabilities in Apple's software.

The security audit, however, revealed separate wireless security flaws: the first AirPort security issue consists of two separate stack buffer overflows that exist in the AirPort wireless driver's handling of malformed frames. An attacker in local proximity may be able to trigger an overflow by injecting a maliciously-crafted frame into a wireless network, according to Apple. When the AirPort is on, this could lead to arbitrary code execution with system privileges. The issue affects Power Mac, PowerBook, iMac, Mac Pro, Xserve, and PowerPC-based Mac mini computers equipped with wireless. Intel-based Mac mini, MacBook, and MacBook Pro computers are not affected, and there is no known exploit for this issue. The update addresses these issues by performing additional validation of wireless frames.

The second security issue involves a heap buffer overflow that exists in the AirPort wireless driver's handling of scan cache updates. An attacker in local proximity could trigger the overflow by injecting a maliciously-crafted frame into the wireless network, which could lead to a system crash, privilege elevation, or arbitrary code execution with system privileges. The issue affects Intel-based Mac mini, MacBook, and MacBook Pro computers equipped with wireless. Power Mac, PowerBook, iMac, Mac Pro, Xserve, and PowerPC-based Mac mini computers are not affected, and there is no known exploit for this issue. This update addresses the issue by performing additional validation of wireless frames. The issue does not affect systems prior to Mac OS X 10.4.

The final security concern stems from an integer overflow that exists in the Airport wireless driver's API for third-party wireless software. This could lead to a buffer overflow in such applications dependent upon API usage, but no applications are known to be affected at this time, according to Apple. If an application is affected, then an attacker in local proximity may be able to trigger an overflow by injecting a maliciously-crafted frame into the wireless network. This may cause crashes or lead to arbitrary code execution with the privileges of the user running the application.

Apple aid the issue affects Intel-based Mac mini, MacBook, and MacBook Pro computers equipped with wireless. Power Mac, PowerBook, iMac, Mac Pro, Xserve, and PowerPC-based Mac mini computers are not affected. This update addresses the issues by performing additional validation of wireless frames, and there is no known exploit for the issue. This issue does not affect systems prior to Mac OS X 10.4, according to Apple documentation.

by MacNN Staff