Apple Macbook pro and other wireless fixes
Do you remember the big bruhaha a month or so back about the “apple wireless vulnerability” that everybody picked apart because in the video taped demonstration they used a third party card…. EVEN though the demonstrators stated that the same vulnerability existed in Apple’s own driver some on the internet tore one reporter up over stating that because Apple denied being shown exploit code (slight semantic issue there…) Well… those driver vulnerabilities that must have not existed, were fixed today by Apple. Brian Krebs has the story, as well as incidents.org
What’s really interesting is that several remote code execution vulnerabilites are fixed in this update, but no credit is given to the company that presented the vulnerability, so it’s either “bad blood” over the issue or a matter of pride for Apple since they’ve not admitted the demonstrated vulnerability was actually in their driver. In fact…. according to the Security Fix post they (Apple) say…
“Basically, what happened is SecureWorks approached Apple with a potential flaw that they felt would affect the wireless drivers on Macs, but they didn’t supply us with any information to allow us to identify a specific problem. So we initiated our own internal product audit, and in the course of doing so found these flaws.”
–Update 10/1/06–
This is still an ongoing controversy. There definitely appears to be bad blood, it’ll continue to be interesting to follow this one.
Popularity: 3% [?]
Related Posts - Another update on the 0day Explorer exploit Well, it looks like quite a bit took place while I was out on the "zero day exploit front". It looks as though there is another update at The Sans Institute. The first thing to notice is that they've raised their alert level to Yellow over the impending active exploitation......
- Firefox zero-day vulnerability (or is it?) I saw a comment somewhere else that zero-day was overused and in essense ANY previously unknown vulnerability in open source software is technically zero day... the intent here though is to use the word in this context.... "vulnerability has been released without giving the vendor an opportunity to patch..." Yes,......
- GMail security problem fixed Google's not had a great week it would appear (Sony's had worse... but that's another story). The Analytics launch was somewhat rocky from most accounts and there is a GMail security bug that's been announced and fixed. Details on the bug are here, and a writeup is also here. Apparently......
Related Websites - Revir Malware for OS X Undergoes Revision Topher Kesslerof CNET wrote an interesting article about the PDF-based malware threat for the Mac OS X. Apple had released a new security update, updating its malware definition, aimed at protecting Mac users from this threat, but according to Kessler's article, it seems to have been revised. Read more: http://www.itproportal.com/2011/09/27/apple-counters-pdf-trojan-threat-malware-definition-update/#ixzz1ZvQRk8xN......
- Microsoft Security Advisory (2286198): Vulnerability in Windows Shell Could Allow Remote Code Execution Vulnerability in Windows Shell Could Allow Remote Code Execution Published: July 16, 2010 Version: 1.0 General Information Executive Summary Microsoft is investigating reports of limited, targeted attacks exploiting a vulnerability in Windows Shell, a component of Microsoft Windows. This advisory contains information about which versions of Windows are vulnerable as......
- Determining the Best Age to Start Social Security Many baby boomers are in the home stretch toward retirement and thinking about what will be the best age for them to claim Social Security retirement benefits. I have already written about this issue from several different angles but I thought it would make sense to pull all of that......
Similar Posts
- Mac Wireless driver Security vulnerability revisited
- Wireless Driver Vulnerabilities
- Intel Proset Wireless update
- Apple iTunes vulnerability on Windows
- Firefox zero-day vulnerability (or is it?)