New Apple patch plugs Wi-Fi hijack flaws

Security updates plug a trio of flaws that could be exploited to break into Macs via Wi-Fi connections.

Joris Evers
Joris Evers Staff Writer, CNET News.com
Joris Evers covers security.
3 min read
A trio of security flaws in Apple Computer software that runs wireless-networking hardware could allow Macs to be hijacked over Wi-Fi, Apple said Thursday.

The Cupertino, Calif.-based company released security updates to repair the problems, which together affect the AirPort wireless driver in Mac OS X 10 Panther version 10.3.9 and Mac OS X Tiger 10.4.7, according to Apple's security alert. Both Intel-based and Power PC-based versions of the Mac operating system are affected, on regular computers as well as on servers, Apple said.

"Attackers on the wireless network may cause arbitrary code execution," Apple said in the alert describing one of the flaws. "Arbitrary code execution" means the intruder can commandeer the system. The other two flaws allow the same type of compromise, but can also cause system crashes or, in one case, privilege escalation, the Mac maker said.

Click here to Play

Video: Breaking into a MacBook
Flawed Wi-Fi drivers can expose PCs. In this video from Black Hat, two security researchers show that they can break into a laptop.

There are no known exploits for the vulnerabilities addressed by the update, Apple said. This means people should not be under immediate threat of attack.

Apple's security patches come a month after security researchers at SecureWorks demonstrated at the Black Hat security confab how an attacker could gain complete control over a laptop by sending malformed network traffic to a vulnerable computer. They showed a video of a successful attack on an Apple MacBook.

The researchers used a third-party wireless card in the MacBook for their demonstration, but said the AirPort wireless technology built into the laptop was also vulnerable, creating controversy in the Apple community.

In a statement released after Black Hat in August, Apple critiqued SecureWorks for saying Macs were insecure. "Despite SecureWorks being quoted saying the Mac is threatened, they have provided no evidence that it is," a company representative said at the time.

But Apple's security patches are not related to the Black Hat presentation, a company representative told CNET News.com on Thursday. Instead, the company itself hunted for bugs in its wireless software and uncovered the vulnerabilities, the representative said.

"In August, SecureWorks approached Apple with a potential flaw that they felt could affect wireless drivers on Macs," the representative said. "They did not supply us with any information to allow us to identify a specific problem, so we initiated an internal audit."

"Today's update preemptively strengthens our drivers against potential vulnerabilities, and while it addresses issues found internally by Apple, we are open to hearing from security researchers on how to improve security on the Mac," the representative added.

A SecureWorks representative did not have an immediate comment.

The three vulnerabilities addressed by Apple all have to do with how the AirPort wireless driver handles "frames." An attacker could exploit the flaw by crafting a malicious frame and making it available on a wireless network used by vulnerable Macs, Apple said.

The first of the flaws, identified by CVE-2006-3507, affects Power Mac, PowerBook, iBook, iMac, Mac Pro, Xserve and Power PC-based Mac minis equipped with wireless capabilities. The second issue, identified by CVE-2006-3508, impacts Intel-based Mac mini, MacBook and MacBook Pro computers equipped with wireless. CVE, or Common Vulnerabilities and Exposures, is a list that provides an index of standardized names for vulnerabilities.

The third problem, identified by CVE-2006-3509, is specific to how the AirPort wireless driver interacts with third-party wireless software, according to Apple. It also impacts Intel-based Mac mini, MacBook and MacBook Pro systems equipped with wireless.

The Mac OS security updates are available via Apple's software update utility in the operating system, and from Apple's download site. Only one update is required, and the utility will present the applicable fix, Apple said.