Wi-fi hijack risk for Macs

Patchy Apple…

A trio of security flaws in Apple software that runs wireless-networking hardware could allow Macs to be hijacked over wi-fi, Apple said on Thursday.

The Mac maker released security updates to repair the problems, which together affect the AirPort wireless driver in Mac OS X 10 Panther version 10.3.9 and Mac OS X Tiger 10.4.7, according to Apple’s security alert. Both Intel-based and Power PC-based versions of the Mac operating system are affected, on regular computers as well as on servers, it said.

Apple said in the alert describing one of the flaws: “Attackers on the wireless network may cause arbitrary code execution.” “Arbitrary code execution” means the intruder can commandeer the system. The other two flaws allow the same type of compromise but can also cause system crashes or, in one case, privilege escalation, it added.

There are no known exploits for the vulnerabilities addressed by the update, Apple said. This means Mac users should not be under immediate threat of attack.

Apple’s security patches come a month after security researchers at SecureWorks demonstrated at the Black Hat security confab how an attacker could gain complete control over a laptop by sending malformed network traffic to a vulnerable computer. They showed a video of a successful attack on an Apple MacBook.

The researchers used a third-party wireless card in the MacBook for their demonstration but said the AirPort wireless technology built into the laptop was also vulnerable, creating controversy in the Apple community.

Full story: silicon.com