New Apple patch plugs Wi-Fi hijack flaws

A trio of security flaws in Apple Computer software that runs wireless-networking hardware could allow Macs to be hijacked over Wi-Fi, Apple said Thursday.

The Cupertino, Calif.-based company released security updates to repair the problems, which together affect the AirPort wireless driver in Mac OS X 10 Panther version 10.3.9 and Mac OS X Tiger 10.4.7, according to Apple's security alert. Both Intel-based and Power PC-based versions of the Mac operating system are affected, on regular computers as well as on servers, Apple said.

"Attackers on the wireless network may cause arbitrary code execution," Apple said in the alert describing one of the flaws. "Arbitrary code execution" means the intruder can commandeer the system. The other two flaws allow the same type of compromise, but can also cause system crashes or, in one case, privilege escalation, the Mac maker said.

Video: Breaking into a MacBook
Flawed Wi-Fi drivers can expose PCs. In this video from Black Hat, two security researchers show that they can break into a laptop.

There are no known exploits for the vulnerabilities addressed by the update, Apple said. This means people should not be under immediate threat of attack.

Apple's security patches come a month after security researchers at SecureWorks demonstrated at the Black Hat security confab how an attacker could gain complete control over a laptop by sending malformed network traffic to a vulnerable computer. They showed a video of a successful attack on an Apple MacBook.

The researchers used a third-party wireless card in the MacBook for their demonstration, but said the AirPort wireless technology built into the laptop was also vulnerable, creating controversy in the Apple community.

In a statement released after Black Hat in August, Apple critiqued SecureWorks for saying Macs were insecure. "Despite SecureWorks being quoted saying the Mac is threatened, they have provided no evidence that it is," a company representative said at the time.

But Apple's security patches are not related to the Black Hat presentation, a company representative told CNET News.com on Thursday. Instead, the company itself hunted for bugs in its wireless software and uncovered the vulnerabilities, the representative said.

"In August, SecureWorks approached Apple with a potential flaw that they felt could affect wireless drivers on Macs," the representative said. "They did not supply us with any information to allow us to identify a specific problem, so we initiated an internal audit."

"Today's update preemptively strengthens our drivers against potential vulnerabilities, and while it addresses issues found internally by Apple, we are open to hearing from security researchers on how to improve security on the Mac," the representative added.

A SecureWorks representative did not have an immediate comment.

The three vulnerabilities addressed by Apple all have to do with how the AirPort wireless driver handles "frames." An attacker could exploit the flaw by crafting a malicious frame and making it available on a wireless network used by vulnerable Macs, Apple said.

The first of the flaws, identified by CVE-2006-3507, affects Power Mac, PowerBook, iBook, iMac, Mac Pro, Xserve and Power PC-based Mac minis equipped with wireless capabilities. The second issue, identified by CVE-2006-3508, impacts Intel-based Mac mini, MacBook and MacBook Pro computers equipped with wireless. CVE, or Common Vulnerabilities and Exposures, is a list that provides an index of standardized names for vulnerabilities.

The third problem, identified by CVE-2006-3509, is specific to how the AirPort wireless driver interacts with third-party wireless software, according to Apple. It also impacts Intel-based Mac mini, MacBook and MacBook Pro systems equipped with wireless.

The Mac OS security updates are available via Apple's software update utility in the operating system, and from Apple's download site. Only one update is required, and the utility will present the applicable fix, Apple said.

[M C]

Wow. Still going off on the (self)discredited Black Hat stuff, huh?

I mean, it's nice that Apple preemptively found potential issues of their own, but for you to spend half the article going on about something that the "hackers" themselves said wasn't so?

That's why CNet doesn't get taken seriously anymore.

[pencoyd]

What will Jon Gruber have to say?

Look forward to what Daring Fireball has to say about this news.
<a class="jive-link-external" href="http://daringfireball.net/" target="_newWindow">http://daringfireball.net/</a>

[lesfilip]

You imply what, that Gruber was wrong?

Hey pencoyd, read the article again before blabbing:

"Despite SecureWorks being quoted saying the Mac is
threatened, they have provided no evidence that it is," a
company representative said at the time.

Also from the article:

"But Apple's security patches are not related to the Black Hat
presentation, a company representative told CNET News.com on
Thursday"

Have a nice day!

[M C]

Oh, and the headline spin: I expect no less of Mr. Evers.

N/M

[fourmrider]

Mac users are wake up

M C, when you get tired of bashing Evers, you may want to take a second and down load the updates loser. I'm sick of self righteous MAC users whining any time somone threatens the sanctity of their beloved system. The reality is any computer which connects to networks which are not directly controlled by the user of the network can potentially be comprimised. No one makes worms for MACs because there is no valuable information stored on MACs. Just a bunch of whiney editorial emails about how great MACs are. YOUR SYSTEM IS VULNERABLE!!!! Accept it and move on.

[NeverFade]

blah, blah, blah

blah, blah, blah.. erm, don't care what you say, specially since
you don't know how to use proper grammer... "Mac users are
wakeup"? What are you, foreign?

My mac has been online for 6+ years hosting a server that runs
24/7 with only Mac OSX firewall on. 119,00 viruses... but not on
a Mac. So say what you will. Macs might get them, but not
nearly to the extent of what you're used to. So, while you're
fixing your Dell, I'll be out golfing somewhere.

[Dalkorian]

fourmrider reaction

&gt;M C, when you get tired of bashing Evers, you may want to
take a &gt;second and down load the updates loser.

Uh, we don't have to. Software Update already covered us, in fact
in my case I was covered before reading this article! Can ANY
winblows fanboy ever say that? NOPE!

&gt;I'm sick of self righteous MAC users whining any time somone
&gt;threatens the sanctity of their beloved system. The reality is
&gt;any computer which connects to networks which are not
&gt;directly controlled by the user of the network can potentially
&gt;be comprimised.

All MAC users? You're included in that group fourmrider, since
your machine certainly has a Media Access Controller as well (I
know you meant Macintosh users, but that's not what you said).
But you're right - any computer connected to a network is
potentially vulnerable. The question is how vulnerable. Some are
more vulnerable than others, as proved by the numbers (how
many winblows vulnerabilites are being exploited RIGHT NOW?
Compare that to all known OSX vulnerabilities and do the math!)

&gt;No one makes worms for MACs because there is no valuable
&gt;information stored on MACs. Just a bunch of whiney editorial
&gt;emails about how great MACs are.

Yup, same old rhetoric. I work at a place that is nothing but
Macs (networked to an AIX box). If someone could get in here
and hack these machines, they would OWN this company. But I
guess that isn't valuable to you, since it isn't porn. Children are
all alike - "my toys are better than your toys"! Too bad you can't
support that argument with any actual facts.

The bottom line fourmrider is that you've missed the point
entirely. Yes, Mac's are vulnerable, as are Linux boxes. But they
are NO WHERE NEAR as vulnerable or easy to own as winblows
boxes are. Period. Market share has nothing to do with it, it's all
about security. OSX and *nix OS's have security built in and it's
been refined over the last 30 years, where winblows is just now
trying to apply some level of security to their legacy compatible
system. It's just not going to work, winblows wasn't written to
support multiple users, let alone network security. It's all been
patched in and never has worked decently.

It's true: Windows is a 32-bit patch to a 16-bit shell for an 8-bit
operating system written for a 4-bit processor by a 2-bit
company without 1 bit of sense. "Accept it and move on."

[payshunz]

Your logic is....uh, you have none. Sorry.

Hey, all your Mac are belong to us!

Talk about whiney! Your post is just hilarious! Did you even bother to proofread it before posting? I've never seen such an incoherent, baseless, senseless, futile rant!

I've pared it down some to more clearly state what you seem to have been trying to rant on about:

down load the upadates loser, I'm sick whining sanctity the reality is comprimised no one makes worms bunch of whiney, Accept it and move on.

Better?

[john55440]

Oh-So-Perfect Apple

The myth of oh-so-perfect Apple keeps colliding with reality.:-)

[Bosco714]

RE: Oh-So-Perfect Apple

&gt;&gt;The myth of oh-so-perfect Apple keeps colliding with reality.:-)
&lt;&lt;

Would that reality be that your system is an open sore festering
with viruses compared to the virus free Mac?

Ahh, it must be.

Who said Mac's are perfect?

"The myth of oh-so-perfect Apple keeps colliding with reality."

Apple has always issued security patches for OS X. Apple will
continue to issue patches for OS X.

In-spite of the fact that Apple has issued a patch for WiFi, has
any Mac in real life been exploited through its WiFi? No.

Right now there is no malicious code that exists in the wild that
effectively threatens OS X.

[ronjay]

Nope

No one said Macs are perfect...just better than Wintels! :-)

[payshunz]

...shouldn't you be updating your antivirus s/w?

FYI no one (other than uninformed Windoze users) claims the Mac OS is oh-so-perfect. It's just oh-so-much-more-secure-and-virus-free than anything Microsloth has ever come out with.

There, that's your reality. ;-p

[deadcow]

Inaccurate

"no known exploits exist for the issues addressed in this update".
secureworks used a non-apple driver to gain access, and when they
reported this, they did not give apple any specifics. sounds more
like fear-mongering than true research.

[Mickey2512518]

oh well

yes its true all computers on a network are vulnerable. But since
80% or so of you are useing that crappy Windows, us MAC users
can sleep like babys not worrying about attacks. So i say thanks
and keep buying Windows, I heard Vista is going to be cool!!!

[theheadguy]

This shows how pathetic the writers here are.

This is too funny. Did CNET or Joris Evers report this BEFORE the
FIX was out? Their late reporting and spin on the title makes this
pretty funny. Eventually someone higher up than them will figure
out how pathetic writers like Joris are and get some real ones in his
place.

Also, he links to a video that has been proven to be a fake. Time to
send this to the corrections page. Morons.

[battlecow]

deja vu

didnt i already see this video somewhere where a guy completely pwns a mac computer with wi fi and gains root access...

[corelogik]

using non-apple hardware

you wish,...

[ewelch]

Yeah, Steve writes in assembler...

It was bigfoot who did it!

Man, Winows users are such a bunch of whiners. They take every
chance to take pot shots at Apple - mostly straw men since their
criticisims are either no different than criticisms of all computer
OSs, or because they're simply frustrated that Macs actually ARE
better, but they can't possibly admit that for some people, that's a
fact.

[Macsaresafer]

That was faked.

<a class="jive-link-external" href="http://daringfireball.net/2006/08/curious_case" target="_newWindow">http://daringfireball.net/2006/08/curious_case</a>

[Sunflare98]

apparently desperate for readers

It's simple - use the facts when coming up with a title. It's starting to feel like we're watching Access Hollywood on this site rather than reporting news how it is. If I wanted spin, I'd pick up a supermarket tabloid.

[grandmasterdibbler]

Just take a moment, to think about this article and what it has made us do.

This is an article talking about a problem that has been fixed. That's like sayin. "hey they built a load of aeroplanes without wings! Oh it's okay it's fixed now butoh boy, that would have been a catastrophe!"

I seem to see this quite a lot, there seem to be lots of sensationalist articles on CNet every so often.

Take the title of the article for example,"Apple: Macs vulnerable to Wi-Fi hijacks,". This was true, and the company that makes the product says it is so.
What is the News in that!?

So, they've reported a problem, demonstrated on third party hardware, Apple has admitted to the problem and subsequently fixed the problem.

I know nothing is perfect but in my experience and opinion Macs are better than the other PCs I've used. Now trolls, please re-read the previous sentence before you flame me.

Now, the article title should read, "Apple: Macs vulnerable to Wi-Fi hijacks, well or they were before we fixed the problem and released a patch so there isn't very much here to talk about now is there!"

Lots of the sensationalist articles as mentioned earlier seem to be written mainly to get a rise out of the readers (i.e us).
We fall for it every time, if tomorrow somebody wrote an article saying, "Vista Sucks!" there'd be a massive brawl on the comment blogs, which would follow the lines of, 'if Windows is so rubbish' why does everyone use it and the other favourite, 'who cares about the stupid 2% of the market who get ripped off by the men in white plastic, gee they are really stupid, and we are morally better".

This comment is a plea to the common sense of the readers of Cnet, please don't take the bait, don't fight light children, only in the world of tech could we be so stupid!

Ok say, " you go to Publix, you total idiot, Publix is awfull, you should go to Wal-Mart!" that wouldn't end in a fight like most threads here do!

Just please try and restrain yourselves!

Oh and if you see any sense in what I'm saying post a reply and say so! We could beat the fightmongers!

[Dalkorian]

just maybe ...

... some of us like the fight. ;-)

But seriously, I think some of the issue is that people believe in
what they use and that belief drags passion along for the ride.
So rather than having rational chatter about the pros/cons of
any OS, we get passionate defense of an OS. That tends to
murky up the waters a bit.

Oh, and Wal-Mart sucks. ;-)

[DrtyDogg]

Gotta agree

Blackhat said in there demo that this wasn't a Mac problem, but a hardware(driver) problem. They stated that they only demo'd the exploit on a Mac because they are tired of the Apple "smugness." Check out the ad that is probably playing to the right side of this post to see that. C|net knows that this type of article gets people reading these comments and a new add shows every different post read. One of the most said comments is that C|net is anti-Apple, but I believe they are Pro controversial comments. It makes people read it. Apple is a huge advertiser on C|net, as is M$. They make their money by publishing this type of content, and having ads show while people comment on it. They know that any time they put in a headline anything that is either anti Microsoft or anti Apple it starts these conversations. Which means ad revenue flows.

[Post Producer]

IF YOU ALL BUY A MAC, YOU WILL LOVE IT

Deal with it.

[toosday]

Easy to say, hard to prove.

I'd love to agree with you on that one, but quite a few people I
know who switched to a Mac within the last two years are ready
to switch back to Windows. The reasons vary, fo course, from
apps support (one friend absolutely needs WMP; not Flip4Mac)
all the way to Apple deleting their posts from the Support
Forums. Then, of course, there's the trouble that one person
doens't like the fact that if they want a decent mp3 player, they
MUST buy an iPod. It doesn't seem to be hardware that plays well
with copetition. (I use a Mac and I fall into that last catagory.)

And I know everyone will chime in with, "With a Mac, you get
Windows and Mac OS on one computer." But, most people I've
found would rather stick with one OS that fits their needs than
buy two to split between apps. Why shell out an additional $200
when it's really not necessary.

(Keep in mind that these people are smart enough not to get
their computers hijacked by viruses or spyware, too.)

(Also note that these are just people I know and certainly doesn't
stand for the beliefs of everyone who may ever buy a Mac. I am
just making a point that not everyone will absolutely "love it".)

Cheers

[Tomcat Adam]

Nope.

If I buy a Mac (which are ONLY $2000 CAD and up here) I'm pretty sure I wouldn't love it; I have bills to pay and all.

I'll 'buy' a Mac when I can put it together with my own hands. Or when the prices are reasonable here.