Apple Patches Wireless Drivers
Frank writes "Apple quietly released a pair of patches today to its wireless drivers. The patches (one for PowerPC, one for Intel) address distinct buffer overflow vulnerabilities found during an internal audit in response to the claim that fuzzing the drivers resulted in an exploitable failure."
The problem with the whole story is that David Maynor was saying it was the Intel drivers that were at fault, which is an interesting problem because Apple's current notebooks use Atheros wireless chips.
I have a Core 2 Duo laptop with the Intel Wireless chipset. Yesterday I pulled down a "Critical" patch and installed it. I think both Apple and Dell are using the same Intel chipsets, so this is apparently an Intel fix.
You highlighted the wrong part. Let me fix that for you:
Impact: Attackers on the wireless network may cause arbitrary code execution
Description: Two separate stack buffer overflows exist in the AirPort wireless driver's handling of malformed frames. An attacker in local proximity may be able to trigger an overflow by injecting a maliciously-crafted frame into a wireless network. When the AirPort is on, this could lead to arbitrary code execution with system privileges. This issue affects Power Mac, PowerBook, iBook, iMac, Mac Pro, Xserve, and PowerPC-based Mac mini computers equipped with wireless. Intel-based Mac mini, MacBook, and MacBook Pro computers are not affected. There is no known exploit for this issue. This update addresses the issues by performing additional validation of wireless frames.
The same "no known exploit for this issue" line is on the other two CVEs. So, Apple is saying the claim made by the SecureWorks guys to Krebs ("the same exploit works on the internal Airport card") is a BIG FAT LIE: they did not have an exploit or if they did, they lied when they said they had shared the details with Apple.
WPA is not easy. Why make it difficult on yourself?
But 99% of my headaches have been solved by simply adding networks I like to "preferred networks". Once I do that, all I have to do is "Turn AirPort On", and I'm connected.
And while I was travelling with my father, he was using XP, I was using OS X, and I could get on the hotel network in three clicks: wireless menu, Comfort Inn (or whatever), then click "yes" to the agreement from a web browser. It took him a bit more time, and my mother's computer can't seem to connect to anything without being set up to always connect to that network...
And then there's the fact that, yes, OS X is still much more secure than Windows. Ironic to say here, unless you RTFA -- the exploit seems to affect Windows, also. So, all around, OS X seems to be the best OS for wireless, at least until I find a nice gui for Linux wireless.
Don't thank God, thank a doctor!
12% of new laptop sales isn't enough people?
The "market share" dog don't hunt, coward.