Debate on Mac WiFi vulnerability continues

Apple has just released security patches for its WiFi offering AirPort--and not a moment too soon, either. As Eric Griffith reports, it all began--as these things often do--with a hacking demonstration at the Black Hat USA 2006 event, where SecureWorks' David Maynor, using an Apple MacBook laptop, showed how a hacker could hijack a computer's WiFi connection. The buzz in the tech community about the validity of the demonstration (and the very notion that a MacOS X computer could be vulnerable) reached a level of intensity rarely seen. Some in the pro-Mac cult categorically stated that native Mac WiFi drivers could not be exploited.

The voice of reason, as always, was that of Glenn Fleishman (aptly describing himself as a "Kremlinologist of Apple and WiFi"), who correctly pointed out that those statements were not made by anyone credible and that most analysts believe "the class of exploit described was highly probable in all Wi-Fi adapters, because of its nature."

Without admitting to any vulnerabilities, Apple released three major updates that address arbitrary code execution and system crashes that attackers could cause over the wireless network. The updates are delivered in either AirPort Update 2006-001 or Security Update 2006-005, depending on the user's system requirements and whether the system uses an Intel or PowerPC CPU. Apple insists that SecureWorks has not provided it with any evidence of vulnerability exploits, and that the release of the update is "preemptive." Fleishman says he believes Apple's statement that there is no such exploit.

To know more about where we are in this unfolding saga, we will have to wait for ToorCon in San Diego (9/29-10/1). David Maynor and Jon Ellch, who first reported the vulnerability and who have been the subject of the Mac gang's wrath ever since, will present their evidence at the meeting so that we can be in a better position to judge.

For more on the Apple vulnerability debate:
-see Eric Griffith's Wi-Fi Planet report
-George Ou's ZDNet update
-and Glenn Fleishman's commentary and analysis

For the Mac followers' treatment of the SecureWorks researchers:
-see this disturbing ZDNet report

You may download the software updates at Apple's Web site.
