“Kicking off a ‘month of kernel bugs,’ a security researcher has released attack code that he claims exploits a new security hole in wireless software from Apple Computer,” Joris Evers reports for CNET News.
“The vulnerability lies in the Apple AirPort driver, according to details on the flaw published by H.D. Moore, the developer of the Metasploit security tool. It affects only the AirPort driver provided with wireless cards shipped between 1999 and 2003 with PowerBooks and iMacs, the posting said,” Evers reports.
Evers reports, “To launch an attempt, the hacker would have to be on the same wireless network as a vulnerable Mac. The attack entails trying to trigger a memory corruption flaw by sending a malformed data packet to the computer, according to Moore’s advisory. But the process isn’t easy, and Moore hasn’t yet been able to gain complete control over a vulnerable Mac, he wrote in an e-mail to CNET News.com.”
Evers reports, “Apple is investigating the flaw, Lynn Fox, a spokeswoman for the Mac maker, said in a statement sent via e-mail. ‘This issue affects a small percentage of previous generation AirPort-enabled Macs and does not affect currently shipping or AirPort Extreme enabled Macs,’ she said.”
Full article here.
MacDailyNews Note: This “attack code” does not affect Apple’s “AirPort Extreme” (802.11g) 54 Mbps wireless networking protocol. It affects Apple’s older “AirPort” (802.11b) 11 Mbps protocol driver for wireless cards shipped between 1999 and 2003.
So this is something that is almost four years old, and doesn’t actually *fully* work?
I can smell the FUD beginning to form…
Just wish my POS Airport Express worked the way it was supposed to.
Jon Gruber has already posted a link to a “sensationalized” posting by George Ou. Gruber’s take is great.
http://daringfireball.net/linked/2006/november#wed-01-george_ou
The FUD machine is just getting started on this. It seems to me that the likelihood of getting “exploited” by this is pretty low, even if you are using one of the affected AirPort cards.
THIS IS IMPOSSIBLE, MACS ARE IMPERVIOUS TO ATTACK! OS X IS INHERENTLY SECURE, COME ON MAC ZEALOTS, TELL US HOW THIS ISNT NEWS! The arrogance and snide remarks constantly posted on sites like this are why Macs are becoming a big fat target. You asked for it. Flame away.
Funny though that no reports of any incidents have yet to surface concerning any flaws or holes in the Mac OS.
There are no reports floating about because there are none. All this jibberjabber from these know it alls yet in my 22 years of Mac use I have yet to hear of any breaches, infections and the like of any kind.
flames . . . flames . . . flames . . .
Oh, no . . . I’m melting . . .
Go DK!
“THIS IS IMPOSSIBLE, MACS ARE IMPERVIOUS TO ATTACK! OS X IS INHERENTLY SECURE, COME ON MAC ZEALOTS, TELL US HOW THIS ISNT NEWS! The arrogance and snide remarks constantly posted on sites like this are why Macs are becoming a big fat target. You asked for it. Flame away.”
1999-2003 indicates OS 9 and 10.0 to 10.2. Panther was securer, then Tiger was (debatably).
Note that the attacker has to be on the same network. Most Mac users are intelligent, and should have their home networks protected and not open.
So this “flaw” has been out there since 1999 and no one has reported it being exploited, until now (in a lab environment), when the hardware is essentially obsolete (since 2003). And the hack is only partially successful in gaining access. And the hacker has to be on the same wireless network as the victim. And… Gee, I’m trembling with fear…
Gee, Yup, when ZERO Macs have been affected, you define it as a “Big Fat Target”?
Dang! You musta learnt sum dat newfangled “new math” I’ve been reading about! ‘Doze sycophants can only DREAM about an “exploit” in which it took 6 years to be “unable to gain complete control over a vulnerable Mac”.
Dude, your reading comprehesion skills need honing, so until you sharpen up a bit, spare yourself further public embarrassment and crawl back under your bridge.
Security is inherent to unix operating systems, Mac OS X included.
The design of unix operating systems is predicated on a multiuser, networked and permissions based environment. They are inherently more secure than Windows-based operating systems and proven to be so in every level of usage.
From day one, unix operating systems have had these things in mind.
Contrast that to the Windows operating systems, all of which have had these things tacked on years into their development, as a grudging, hamfisted afterthought.
:shrug:
No amount of Microsoft apologizing can deny that.
HEHAHAHAHHAHAHH
Thanks you. Was a good laugh. Are you serious? Can’t be, right? No one can be THAT desperately seeking for vulnerability on Mac OS X so to be able to say the nonsense you posted. You must be joking, or you must be stupid. In both cases you make for a good LAUGH!
“To launch an attempt, the hacker would have to be on the same wireless network as a vulnerable Mac… But the process isn’t easy, and Moore hasn’t yet been able to gain complete control over a vulnerable Mac”
This is news?
Well ‘yup’, you ARE right. Macs have been a big fat juicy target for along time.
But you know what?
All the attackers do is chip around the edges, make proof of concepts, generate a LOT of noise from MS acolytes like yourself, and then what?
Nothing. Absolutely nothing. It all dies down and in 6 months time we’ll see the same thing happening.
Apple will fix this now in any event and that’ll be the end of it.
Call me smug if you want to. But I have the evidence of years of happy bug free computing behind. Which you wouldn’t even understand for one minute…poof, there’s another in Windows, ping, and another. You’ve probably got some Romanian mafia gang sending spam email from your Windows PC as you posted..!
Rant rant rant..be quiet Macaday and do some work..
Where was the exploit found? Probably in a security update that Apple released. That is where most of the flaws on OS X is found.
Whenever Apple releases a security update, a flaw is announced that Apple had already fixed.
I installed virus software after having a discussion with a friend who uses windows. The software found zero viruses, and I download stuff all the time, and go to porn sites sometimes. (thank god for pop up blocker, built into safari) Then the icons in my dock started disapearing, and applications would freeze sometimes. So I unistalled the software, and wa la, its great again. No viruses ever, no problems, have not reinstalled my system software in 2 and half years. I think the virus “protection” companies are hating because they aren’t needed. People can hate on mac all they want, I can turn on my powerbook check my email and stocks, then turn it off, before I can even open a message in outlook on my work computer when its running and already has outlook opened.
Wake me when a Mac is actually breached. ZZZZZZZZZZZZZZzzzzzzzzzzzzzzz
Oh, My God
This means in about two -eight years, someone will find a flaw with the system I am using now. What should I do????? May stay updated????Maybe stay informed???? NO, I think I willl just throw my hands up and give in to the Dark Side…
DISCLAIMER “I hope my attempt at humor has not offended anyone, especially the stupid ones”
Remember folks the original internet WORM was an attack on Unix machines..it exploited finger or ping…I forget (I hate getting old). Any who….that said….
Unix system exploits are solved by a worlwide community of programmers and scientists because of Open source flavors of Unix. Notice all the attacks on all the machines are usually on proprietary technologies Word Basic, ASP, Active X, AirPort, etc….not on Open source technologies…
What an arguement FOR Open Source software ( and I mean Linux, BSD, Darwin…the whole lot). Maybe the best defense against attacks is not proprietary at all….Sorry Mac Affe…Sorry Symantec…Sorry N.A…Not sorry M.$.
Just my $0.02
In related news, cars from the 60s without seatbelts less safe. Middle class shocked and dismayed.
yup – You might want to try decaf for a while. Also I would suggest a blanky and a nap.
“In related news, cars from the 60s without seatbelts less safe. Middle class shocked and dismayed.”
this was hillarious….
yu is another Mac hater who’s probably stuck with a crappy Dell PeeCee and is now hating folks who actually get to enjoy working on their systems. 3 years of happy computing on my Macs, no virus software, no junk. Goodbye Gates, hello Apple!
Mac rules!
Are they really going to pick a fight on outdated technology that hasn’t been used for nearly 3 years? There is an odor in the air and it smells like desperation. How about this; Let’s compile a list of MS technology that a user might not have updated in a minimum of 3 years and see how that crowd fares. So, that leaves out windows XP service packs 2 and 3. Since the government warned against using XP without at least service pack 2 I don’t think these people can really be commenting on anything Apple. Those in glass houses shouldn’t throw stones.
Even being a long time die-hard Mac fan, I’m interested in hearing these stories. The only thing that makes me a little pissed about most of them though, is this insatiable need to bring the public’s view of the Mac down to the level of MS Windows.
Whateve may be said, make no mistake about these things: There is a difference between OS X and Windows. Apple works hard and spends lots of money NOT taking security issues for granted. Today, and since the implementation of OS X, Macs ARE more secure than any version of Windows, (and I believe Apple will continue to work hard to keep it that way). Even in Apple OS versions prior to OS X, the ratio of viruses comparing any Windows OS to any Mac OS was 500:1, conservatively. And finally, Apple doesn’t waist time yapping about security, it just works at making OS X as secure as is humanly possible – as opposed to MS who’s only real option by now is to accept the state of their art and start trying to nickle and dime consumers by making Windows users pay for security contracts and security software licenses.
Let the Mac flourish, if there’s any real hope for MS in the long term its ONLY GOING TO BE THROUGH COMPETITION. As long as MS has no real competition, what Windows users have had for the better part of the last ten years will be about as good as its going to get.