updated 02:35 am EST, Thu March 1, 2007
Mac WiFi hack demoed
The much publicized Mac WiFi hack from last summer may have been real after all, according to the original researcher who discovered the alleged vulnerability and promised to release the code. The security flaw, which Apple blamed on a third-party WiFi card, appears to affect pre-Mac OS X 10.4.8 systems; it was demonstrated on Wednesday on a MacBook running Mac OS X 10.4.6 at the Black Hat DC event, but researchers note that updates to fix the problem have been around since last September. CNET News.com reports that the Mac crashed crashed while scanning for a wireless network and coming across the malicious code researcher David Maynor was using from his Toshiba laptop. Though he demonstrated only caused a crash, Maynor claimed the exploit could also be used to run arbitrary code on the Mac.
In addition, the researcher claims that Apple last year exerted undue pressure to force a publicly apology and threatened his then-employer SecureWorks with a lawsuit, leading to a cancelation of his presentation at event scheduled for San Diego.
Last year Maynor along with another researcher initially touted a similar exploit but later admitted that the Mac laptop was in fact exploited using a third-party wireless device driver, not Apple's own default software. Apple claimed that the researcher did not cooperate and did not provide any details, but its AirPort security updates, released a month after the initial demo, were simply a result of a thorough code review.
Maynor, however, claims that Apple's subsequently released Mac OS X 10.4.8 update included fixes for the problem demonstrated on Wednesday at Black Hat and that he did provide information on the vulnerability as well as packet captures, which helped locate and understand the exploit.
The OS update, he said, was the result of his work to help reveal underlying exploits but Apple refused to admit to the flaws and pressured his previous employer to publicly admit that Macs were not flawed. "Apple released some security patches to address stuff I actually pointed them to and they claimed had nothing to do with me," he told the publication.
A separate WiFi exploit was identified last October in older Macs by other security researchers. The vulnerability affected a small percentage of previous generation AirPort-enabled Macs and does not affect currently shipping or AirPort Extreme enabled Macs, according to a separate report from last fall.
Apple in January addressed the issue with an update to its WiFi drivers and software for some Intel-based Macs: designed for users of both the server and client versions of Mac OS X 10.4.8 Tiger, it patches a vulnerability that enables attackers on the wireless network to cause system crashes.