Apple closes Wi-Fi hole

Security update fixes an AirPort vulnerability disclosed in November as part of the Month of Kernel Bugs campaign.

Apple late on Thursday released a security update to plug a publicly known security hole in its AirPort product.

The update fixes a vulnerability that affects both the server and client versions of Mac OS X, Apple said in its alert. The problem was disclosed in November as part of the Month of Kernel Bugs campaign.

An attacker could exploit the flaw over a wireless network by sending malicious data to a vulnerable Mac, Apple said. "An attacker in local proximity may be able to trigger a system crash by sending a maliciously crafted frame to an affected system," it said in the alert.

The issue affects the Intel Core Duo-based versions of Mac mini, MacBook and MacBook Pro computers equipped with wireless, Apple said. Other systems, including the Core 2 Duo versions of the same machines are not affected, it said.

Apple fixed the issue by adding more validation of wireless frames, the Cupertino, Calif., company said. The AirPort Extreme Update 2007-001 can be obtained from the Software Update feature in Mac OS X or Apple's Software Downloads Web site.

Vulnerabilities in the Mac OS X have been rising, leading some experts to note that the Macintosh platform is not impervious to security problems. The vast majority of security vulnerabilities, however, affect computers running Microsoft Windows. Also, attacks on Macs have largely been theoretical so far.