Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple Patches Wireless Drivers

Posted by ryuzaki0 on from the back-on-track dept.

Frank writes "Apple quietly released a pair of patches today to its wireless drivers. The patches (one for PowerPC, one for Intel) address distinct buffer overflow vulnerabilities found during an internal audit in response to the claim that fuzzing the drivers resulted in an exploitable failure."

5 of 143 comments (clear)

  1. Re:erhm by bobalu · · Score: 4, Insightful

    I think that's a bit harsh. And since I know both my neighbors and they're both developers who I'd trust with my network, and they're both over 200' away, I could give a flying rat's ass anyway.And if Wall Street gave f**** about network security Microsoft would be trading at $1/share.

    --
    The revolution will NOT be televised.
  2. Re:Why not... by Anonymous Coward · · Score: 4, Insightful

    Fucking hipocrisy

    Welcome to Slashdot.

  3. Re:This does NOT make the SecureWorks story true! by Anonymous Coward · · Score: 5, Insightful

    So now we should give credit to companies for announcing that there could be unspecified vulnerabilities in components!? Oooh. Oooh. There could be a vulnerability in Windows Vista's USB drivers! But I'm not going to say what it is! But now they have to credit me every time one is discovered and released!

    90% of the driver code processes wireless frames. Saying that there is a vulnerability in the wireless driver when processing malicious frames provides zero information on an actual vulnerability.

  4. "Quietly" by Overly+Critical+Guy · · Score: 5, Insightful

    "Apple quietly released..."

    It's in Security Update where every other update goes, and a spokesperson even talked with MacWorld about it. What's quiet about the release?

    --
    "Sufferin' succotash."
  5. Re:what gets me... by anti-drew · · Score: 4, Insightful

    Speaking as someone who did five years at Apple, the company certainly does audit stuff before it's released -- particularly network and filesystem code. Patches and bugfixes also tend to get code-reviewed right inside the bug report by several people outside of the core group with good security experience, and reviewed again before they make it into a release. The main problem is that there are so many lines of code and only a finite amount of time, and the more subtle problems take longer to detect. There is a cost-to-profit tradeoff after a certain point.

    It's like microwave popcorn. You nuke it and in the first few minutes you can get almost all of the kernels (exploits) popped. Then the rate of popping slows down. After a while, you simply have to stop or else you'll burn right through your profit (of warm, yummy popped corn).

    And that's just not worth it. No matter what there will always be a few hiding way down in the bottom of the bag. You can burn through the whole thing and still never pop them all.