Mac Wireless driver Security vulnerability revisited



A couple weeks ago the hot story was about the demonstration of a vulnerability in a 3rd party wireless card driver on a Mac. The individuals that demonstrated the vulnerability (in a video taped presentation) also claimed that many wireless drivers were vulnerable to this same flaw and it included the MacBook native drivers (among others.) There was immediate controversy over the fact it was a video demo. I thought their explanation for that was reasonable. (They didn’t want to give a room full of crackers a chance to sniff the wireless traffic and get TOO much detail on the exploit before vendors had a good chance to give updates.) Well… at this point it sounds like among other things, they have not yet demonstrated to Apple an effective use of this exploit against the wireless drivers on the macbook.


It seems that Apple has strongly refuted their claims and frankly it’s sounding more and more as though there was a good deal of “smoke and mirrors”. According to the latest update, Atheros (the company that provides the wireless device for the macbooks) hasn’t been notified of any issues either.

Apparently earlier in the year, SecureWorks (the company that presented the supposed vulnerability) had alerted Apple to a wireless vulnerability in the FreeBSD system (which OS X is based on) which related to a vulnerability in the discovery of wireless networks. It’s unclear if that patch had been made in Apple’s OS X.

This really sums it up…

“SecureWorks has not be able to exploit this for us,” Fox said. “No one has been able to show us a way to exploit our internal [wireless] device drviers with that flaw.”

–Update 8/24/06–

It seems the blogstorm over this has not quit. Some are REALLY giving Brian Krebs a hard time over what he reported. Many are jumping to conclusions fairly quickly. George Ou is following some of the “debate”. (Earlier post at this link.) It’s clear from his article that there are things that aren’t publicly known YET. It will be interesting to see how things develop. It sounds as though the situation will hang around a while. The research group that presented the vulnerability apparently didn’t share any code with Apple over the issue, but the way I read it – it is quite likely that Apple’s driver is vulnerable to a similar issue, JUST AS THEY TOLD BRIAN KREBS.

It sounds like the next few days may see some real sparks flying on this story. (Up until now, we’ve only got the “shock and outrage” over the “admission” that it wasn’t an Apple vulnerability…..) Just wait and prepare to read (and think it through), this will be interesting.

Related Posts

Blog Traffic Exchange Related Posts
  • Glide Effortless to be the first "browser as OS" Ok - browser as OS is a term that has been thrown about and speculated on. The concept is to provide a set of applications through ANY web browser such that it's suitable for doing the majority of your work. Most people speculate on Google being the company to bring......
  • Serious Symantec Antivirus Vulnerability A few things to catch up on this afternoon, but first up is a Serious vulnerability in Symantec Antivirus. (It's always serious when security software has a vulnerability.) The securityfix is reporting that a vulnerability has been discovered in the way Symantec deals with rar archived files. A specially made......
  • Exploit for Unpatched Internet Explorer vulnerability Well.... buckle your seatbelts it's going to be a bumpy start to the week. the securityfix as well as incidents.org are reporting on exploit code that has been released that takes advantage of an unpatched Internet Explorer vulnerability. According to the Sans institute diary entry... they have tested the exploit......
Blog Traffic Exchange Related Websites
  • New iPhone/iPod/iPad with 4.2.1 pre-installed can still be jailbroken All new iPhone/iPod/iPad owners might be wondering if their device with new hardware is vulnerable to exploit found by Geohot. @iphone_dev recently tweeted on Twitter that any new iPhone/iPod/iPad is still vulnerable to the exploits currently available. Here's a How To guide to jailbreak iOS 4.2.1 using redsn0w 0.9.6. And......
  • Delaying Social Security after Stopping Work Some baby boomers are asking the question of what happens to their Social Security retirement benefits if they stop working but do not claim benefits until later. The answer to that question depends on how many working years you have in the system. Your Social Security retirement benefit is based on......
  • Netgear wpn824 Rangemax Netgear wpn824 Rangemax Wireless Router Roam the office with complete security or surf from any couch in the house The Netgear wpn824 Rangemax Wireless Router has made my life allot easier. I get lots of questions from SOHO and SMB techies about how to set up a secure wireless network......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site