Mac Wireless driver Security vulnerability revisited



A couple weeks ago the hot story was about the demonstration of a vulnerability in a 3rd party wireless card driver on a Mac. The individuals that demonstrated the vulnerability (in a video taped presentation) also claimed that many wireless drivers were vulnerable to this same flaw and it included the MacBook native drivers (among others.) There was immediate controversy over the fact it was a video demo. I thought their explanation for that was reasonable. (They didn’t want to give a room full of crackers a chance to sniff the wireless traffic and get TOO much detail on the exploit before vendors had a good chance to give updates.) Well… at this point it sounds like among other things, they have not yet demonstrated to Apple an effective use of this exploit against the wireless drivers on the macbook.


It seems that Apple has strongly refuted their claims and frankly it’s sounding more and more as though there was a good deal of “smoke and mirrors”. According to the latest update, Atheros (the company that provides the wireless device for the macbooks) hasn’t been notified of any issues either.

Apparently earlier in the year, SecureWorks (the company that presented the supposed vulnerability) had alerted Apple to a wireless vulnerability in the FreeBSD system (which OS X is based on) which related to a vulnerability in the discovery of wireless networks. It’s unclear if that patch had been made in Apple’s OS X.

This really sums it up…

“SecureWorks has not be able to exploit this for us,” Fox said. “No one has been able to show us a way to exploit our internal [wireless] device drviers with that flaw.”

–Update 8/24/06–

It seems the blogstorm over this has not quit. Some are REALLY giving Brian Krebs a hard time over what he reported. Many are jumping to conclusions fairly quickly. George Ou is following some of the “debate”. (Earlier post at this link.) It’s clear from his article that there are things that aren’t publicly known YET. It will be interesting to see how things develop. It sounds as though the situation will hang around a while. The research group that presented the vulnerability apparently didn’t share any code with Apple over the issue, but the way I read it – it is quite likely that Apple’s driver is vulnerable to a similar issue, JUST AS THEY TOLD BRIAN KREBS.

It sounds like the next few days may see some real sparks flying on this story. (Up until now, we’ve only got the “shock and outrage” over the “admission” that it wasn’t an Apple vulnerability…..) Just wait and prepare to read (and think it through), this will be interesting.

Related Posts

Blog Traffic Exchange Related Posts
  • Serious Symantec Antivirus Vulnerability A few things to catch up on this afternoon, but first up is a Serious vulnerability in Symantec Antivirus. (It's always serious when security software has a vulnerability.) The securityfix is reporting that a vulnerability has been discovered in the way Symantec deals with rar archived files. A specially made......
  • RealVNC 4.1.2 update to patch security vulnerability A few hours back, I updated My first post on the RealVNC 4.1.1 vulnerability and just saw another story that did not specify WHICH variation of VNC was at risk. TightVNC and UltraVNC seem to be immune according to the discoverer of the flaw. And as far as I've seen,......
  • More on Explorer vulnerability Among other things... Sans has lowered the infocon to green, NOT that the threat is diminished, but there have been no new developments with regards to the announcement yesterday of a major Internet Explorer security vulnerability. Sans recommends browsing the web with firefox (with the noscript extension, so you can......
Blog Traffic Exchange Related Websites
  • Adobe confirms PDF zero-day, plans rush patch By Gregg Keizer | Computerworld | InfoWorld Adobe today said it would issue an emergency patch the week of Aug. 16 to fix a critical flaw in its Reader and Acrobat software. The bug was disclosed by researcher Charlie Miller at last month's Black Hat security conference when he demonstrated how......
  • What is Patch Tuesday? Excellent explanation of Patch Tuesday by TMI Engineering Patch Tuesday is the second Tuesday of each month, the day on which Microsoft releases security patches. Starting with Windows 98, Microsoft included a "Windows Update" system, that would check for patches to Windows and its components which Microsoft would release intermittently. With......
  • Mac OS X: A Threat is growing… As a devoted Mac user since 1994, it scares me every time I hear other Mac users say, “ The Mac is so safe, I don’t worry about viruses or apply any security features”. Even though to date, there have not been any damaging viruses or attacks successfully applied to......
PDF24    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site