Less Than a Minute to Hijack a MacBook's Wireless

Kadin2048 writes "As reported by Ars Technica and the Washington Post, two hackers have found an exploitable vulnerability in the wireless drivers used by Apple's MacBook. Machines are vulnerable if they have wireless enabled and are set to connect to any available wireless network, fairly close to their default state, and the exploit allows an attacker to gain "total access" -— apparently a remote root. Although the demo, performed via video at the BlackHat conference, takes aim at what one of the hackers calls the "Mac userbase aura of smugness on security," Windows users shouldn't get too smug themselves: according to the Post article, "the two have found at least two similar flaws in device drivers for wireless cards either designed for or embedded in machines running the Windows OS." Ultimately, it may be the attacks against embedded devices which are the most threatening, since those devices are the hardest to upgrade. Currently there have not been any reports of this vulnerability 'in the wild.'" According to this story at ITwire.com, they were able to exploit Linux and Windows machines, too. (Thanks to Josh Fink.)

Why did they need a 3rd party card?

[VTrain0]

If the flaws are in Apple's drivers, why did they need to plug a 3rd party card into the MacBook? What user would ever plug a 3rd party redundant wireless card into their computer? Presumably, if they could hack Apple's drivers they wouldn't need the other card. All this video shows is a 3rd party wireless card with crappy drivers.

Re:Uh

[Daniel+Dvorkin]

Windows users are always accusing Mac users of smugness, but there's nobody more smug than a Windows user observing that one (1) particular security vulnerability has been found for Macs. This strikes me as akin to someone with AIDS being smug because some previously healthy person has caught a cold.