Apple updates strengthen wireless security
Apple on Thursday released a Security and AirPort update for Mac OS X that fixes vulnerabilities found in the company’s wireless drivers. Apple said the issues found were the result of an internal audit of the software drivers and that no known exploits exist for the issues addressed in this update.
The internal audit followed claims by a senior researcher at SecureWorks, who said he had revealed a vulnerability in Apple’s MacBook wireless software driver that would allow him to take control of the machine. SecureWorks later clarified its position and said it had used a third-party driver and not Apple’s driver.
Apple has maintained that SecureWorks has provided no proof that Mac drivers are vulnerable in any way.
“They did not supply us with any information to allow us to identify a specific problem, so we initiated an internal audit,” Apple spokesman Anuj Nayar told Macworld. “Today’s update preemptively strengthens our drivers against potential vulnerabilities, and while it addresses issues found internally by Apple, we are open to hearing from security researchers on how to improve security on the Mac.”
According to the update issued by Apple, two separate stack buffer overflows exist in the AirPort wireless driver’s handling of malformed frames. An attacker in local proximity may be able to trigger an overflow by injecting a maliciously crafted frame into a wireless network. When the AirPort is on, this could lead to arbitrary code execution with system privileges.
This issue affects Power Mac, PowerBook, iMac, Mac Pro, Xserve, and PowerPC-based Mac mini computers equipped with wireless. Intel-based Mac mini, MacBook, and MacBook Pro computers are not affected.
Separately, a heap buffer overflow could have allowed attackers on a wireless network to cause system crashes, privilege elevation or arbitrary code execution.
This issue affects Intel-based Mac mini, MacBook, and MacBook Pro computers equipped with wireless, but not the older PowerPC-based systems.
The update is available via the Software Update mechanism in Mac OS X.