We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Apple updates strengthen wireless security

New vulnerability leads to internal audit

Apple has released a Security and AirPort update for Mac OS X that fixes vulnerabilities found in the company's wireless drivers. The problems were pinpointed following an internal audit of Apple's software drivers, although the company claimed that no known exploits exist for them.

The internal audit came as a result of claims by a senior researcher at SecureWorks that he had revealed a vulnerability in Apple's MacBook wireless software driver that would allow him to take control of the machine. SecureWorks later clarified its position and said it had used a third-party driver and not Apple's driver.

Apple has maintained that SecureWorks has provided no proof that Mac drivers are vulnerable in any way.

"They did not supply us with any information to allow us to identify a specific problem, so we initiated an internal audit," Apple spokesman, Anuj Nayar, told us. "Today's update pre-emptively strengthens our drivers against potential vulnerabilities, and while it addresses issues found internally by Apple, we are open to hearing from security researchers on how to improve security on the Mac."

According to the update, two separate stack buffer overflows exist in the AirPort wireless driver's handling of malformed frames. An attacker in local proximity may be able to trigger an overflow by injecting a maliciously crafted frame into a wireless network. When the AirPort is on, this could lead to arbitrary code execution with system privileges.

This issue affects Power Mac, PowerBook, iMac, Mac Pro, Xserve and PowerPC-based Mac mini computers equipped with wireless. Intel-based Mac mini, MacBook and MacBook Pro computers are not affected.

A heap buffer overflow that existed could have allowed attackers on a wireless network to cause system crashes, privilege elevation or arbitrary code execution.

This issue affects Intel-based Mac mini, MacBook and MacBook Pro computers equipped with wireless, but not the older Power PC-based systems.

The update is available via the Software Update mechanism in Mac OS X.


IDG UK Sites

Best Christmas 2014 UK tech deals, Boxing Day 2014 UK tech deals & January sales 2015 UK tech...

IDG UK Sites

LED vs Halogen: Why now could be the right time to invest in LED bulbs

IDG UK Sites

Christmas' best ads: See great festive spots studios have created to promote themselves and clients

IDG UK Sites

Why Apple shouldn't be blamed for exploitation in China and Indonesia