Network News

X My Profile
View More Activity

Apple Issues Patches for Laptop Wireless Flaws

Apple Computer today issued a trio of software updates to fix three serious vulnerabilities located in the wireless components of a number of its Mac products.

In an advisory, Apple said flaws exist in the Airport wireless device drivers included in the Macbook Pro and other Mac products. The company said the flaws could be exploited by attackers to compromise a vulnerable system remotely just by having the wireless devices turned on and in range of the attacker.

According to Apple, the Aiprort flaws fixed by the first patch are present in Power Mac, PowerBook, iMac, Mac Pro, Xserve, and PowerPC-based Mac mini computers equipped with wireless. The two other updates affect the Intel-based Mac mini, MacBook, and MacBook Pro computers equipped with wireless.

I first wrote about this issue at the Black Hat hacker conference in Las Vegas roughly two months ago, where I witnessed security researcher David Maynor compromising a Macbook from a Windows machine remotely using what he said were flaws in the built-in wireless drivers.

The videotaped demo produced by Maynor and colleague John Ellch shown to Black Hat attendees deliberately used a third-party USB wireless card plugged into a Macbook. To demonstrate the exploit with the Apple wireless drivers before giving the company time to inspect and fix them, they argued, would be irresponsible. Many in the security community -- particularly Mac security enthusiasts -- were eager for more information and charged that the Maynor/Ellch demonstration did not prove that there were flaws in Apple's own wireless components.

I attempted to follow up on several of the points Maynor and Ellch made in their Black Hat talk, but SecureWorks declined to have Maynor comment further. Apple repeatedly said SecureWorks had informed the company of a wireless vulnerability in its products but had shared no code as evidence.

Apple and SecureWorks still apparently differ over which side found the flaw and how exploitable it really is. But one thing now appears quite clear: The built-in wireless device drivers are indeed vulnerable to exploitation in a manner very similar to what Ellch and Maynor detailed in their presentation.

Apple spokesman Anuj Nayar maintains that the company is not aware of any exploit code available to attack these flaws, and that SecureWorks to this day has not shared a working demonstration of how to exploit them.

"Basically, what happened is SecureWorks approached Apple with a potential flaw that they felt would affec tthe wireless drivers on Macs, but they didn't supply us with any information to allow us to identify a specific problem. So we initiated our own internal product audit, and in the course of doing so found these flaws."

I called SecureWorks and Maynor but haven't heard back from either so far. I will update the blog as more of this unfolds.

Update, Sept. 24, 2:00 p.m.: The above post was corrected to include more information on which patches affect which Mac systems.

By Brian Krebs  |  September 21, 2006; 5:10 PM ET
Categories:  New Patches  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: Guarding Against the New IE Exploit
Next: Unofficial Patch Released for IE Flaw

Comments

There are actually three vulnerabilities mentioned in that advisory - two of them are Intel-specific: CVE-2006-3508 and CVE-2006-3509.

Posted by: Chris Adams | September 21, 2006 5:54 PM | Report abuse

Yes, well, as is typical with the histrionics on the part of people who don't believe the Mac is more secure than the PCs of the world, once again, we have proof that the Mac is indeed more secure: There is no known exploit for these issues. The fact that Apple is continually proactive on security issues, and not waiting for an actual, real-live exploit before taking action to secure its system, is a far cry from what Microsoftees have to endure every day. There are over two hundred new exploits every day for Windows. Be sure to keep your anti-virus, anti-adware, and anti-spyware programs running and up-to-date out there - except for me and all of us on the Mac side of the equation. I like life over here.

Posted by: WhitIV | September 21, 2006 5:58 PM | Report abuse

"Apple says Intel-based Mac mini, MacBook, and MacBook Pro computers are not affected." - Brian Krebs, above.

"The built-in wireless device drivers are indeed vulnerable to exploitation in a manner very similar to what Ellch and Maynor detailed in their presentation." - BK, above.

Do you see where my cognitive dissonance might be coming from here? Which is it?

Posted by: WhitIV | September 21, 2006 6:04 PM | Report abuse

BK only looked at the exclusion advisory in the first description. The first, CVE-2006-3507, affects "affects Power Mac, PowerBook, iMac, Mac Pro, Xserve, and PowerPC-based Mac mini"; the second, CVE-2006-3508, affects, "Intel-based Mac mini, MacBook, and MacBook Pro computers equipped with wireless"; and the third, CVE-2006-3509, affects "Intel-based Mac mini, MacBook, and MacBook Pro" computers equipped with wireless. If Maynor/Ellch didn't find this problem, then they probably found something darned close to it.

Posted by: Tom | September 21, 2006 6:22 PM | Report abuse

haha! I knew it!

Now that Apple has released patches maybe Maynor will admit it was an actual Apple Wireless card he exploited in the demo. The MAC address in the video shows it was an Apple!

Brian reported what he saw and did a great job, I think. He interviewed a trusted security expert and let everyone know what took place. Some bashed him really hard (like one dood that kept harassing him in comments and even created a hate blog) and didn't want to just sit back and wait for the facts to start coming out. I hope Maynor comes out and clears things up now. Apple seems to have done their part now (kinda sorta).

In the future it might be a good idea to just wait and see and not totally embarrass yourself when you don't have all the facts.

-David

Posted by: David Taylor | September 21, 2006 6:33 PM | Report abuse

"Apple said flaws exist in the Airport wireless device drivers included in the Macbook Pro and other Mac products....Apple says Intel-based Mac mini, MacBook, and MacBook Pro computers are not affected."

Which is it? Is anyone proofing this copy, let alone fact checking?

Posted by: batguano | September 21, 2006 6:42 PM | Report abuse

The fact still remains: once again, the Mac remains unexploited in the real world.

Posted by: WhitIV | September 21, 2006 6:52 PM | Report abuse

WhitIV: Are you serious? Where have you been sleeping?

google: site:milw0rm.com apple

Milw0rm publishes 'exploits' for pretty much every OS and application that people will pay attention to. This search returns 136 hits. While Mac has WAY fewer exploits release than other operating systems I think your comment of 'unexploited' is absolutely false. I have a feeling you really don't know what you are talking about and trying to jump on some kind of band wagon. I will be more than happy to look at evidence you have that supports your statement.

Posted by: David Taylor | September 21, 2006 7:01 PM | Report abuse

WhitIV, if you go to the Apple site, you can see there are three seperate security flaws that the patch fixes. The different ones affect different machines, but every Mac with a wireless card is affected by at least one of them.

Posted by: Wes | September 21, 2006 7:09 PM | Report abuse

The only people that believe that Macs are more secure than Windows PCs are fools. It is not a matter of "if" a million or so Macs will be eventually wacked, but "when".

Then there will will be gallons of apple juice spilled as these users cry their eyes out because they believed another of the "wunder kids" hype about these systems.

By the way, if Macs are so safe, why do they need security patches at all? They should be perfectly fine out of the box.

Posted by: CJ | September 21, 2006 7:11 PM | Report abuse

The myth of oh-so-perfect Apple once again collides with reality. :-)

The Mac's sole security advantage is its miniscule market share. Virus/worm writers don't want to waste their time by writing code for a computer that has a smaller worldwide market share than that of Fujitsu/Fujitsu Siemens. (Based on IDC's latest market share figures.)

Posted by: JohnJ | September 21, 2006 7:45 PM | Report abuse

You may be able to exploit a system that does not have all of the current updates, but there are NO known exploits in the wild for Mac's that have their software up to date. Milw0rm posts exploits for old and unpatched versions of Mac OS X and its associated applications.

It's always easy to go back to an old system and work on an exploit for an already published vulnerability. Which leads into another common misconception that a vulnerability equals an exploit. Just because a company is prolific in patching their system does not mean that they are more susceptible to attack.


Posted by: Bob J | September 21, 2006 7:57 PM | Report abuse

JohnJ, if the Mac's market share is too small to bother with why do Microsoft and Adobe bother selling software for it?

If your theory is correct then surely it would be just as much of a waste of time for the large companies as for the hackers.

Right??

Posted by: Jeff C. | September 21, 2006 8:46 PM | Report abuse

It's all true. You guys argue about Mac's vs. PC's exactly like your Mustang vs. a Chevy. Jeez! WHo cares! Just someone win the F%$#@*& race!

Sean

Posted by: Sean | September 21, 2006 8:46 PM | Report abuse

Everyone please go back to the comments on this initial blog and see if your name is listed in negative comments. Seriously! Go back over the facts and see what Brian reported and then see what turned out.

http://blog.washingtonpost.com/securityfix/2006/08/hijacking_a_macbook_in_60_seco.html#comments

Maynor put the facts out there and Mr Krebs reported on them. Some bashed Mr Krebs but if you really look back all the facts were there! All of those that sent hate mail to Brian and posted those horrible comments in his blog should step up to the plate and send him an apology. Brian Krebs is a great reporter. Looking back you can see he was RIGHT THERE ON IT!

Posted by: Hee Hee | September 21, 2006 8:49 PM | Report abuse

@Jeff C: that's gotta be the dumbest challenge I have ever seen.

Fact: Apple's market share is PUNY. Period.
Fact: Neither Abode nor Microsoft make any effort with their products for this reason, despite in the latter case Bill Gates having some kind of wacky idea that if he can keep Apple alive the DOJ won't hound him anymore.

But the point is Adobe are NOT working on software for Apple. They've spent the minimal amount of money and effort possible to get their apps running on OS X PRECISELY because the market share, with the putrid lock-in, is infinitesimal.

All Adobe executables are PEF binaries. Not a one of them is Mach-O which is the only native format for OS X.

And if you can't follow that part of the discussion, maybe it's time you went back to school. Or preschool as the case may be.

Posted by: Horace Sense | September 21, 2006 8:58 PM | Report abuse

Bob J: Don't state your opinion as fact. Milw0rm releases more zero day exploits than any other site on the net. Match up the exploits that are released there against the official advisories. There are 'probably' more zero days than not. Do your research. Zero day exploits have been released for Mac.

I love it when a regular end user tries to pass themself off as a security guy. Lovely.

Posted by: David Taylor | September 21, 2006 9:02 PM | Report abuse

Well Horace, it's true I'm no programmer, but I think I see what you're saying.

Your point is that all Adobe and MS products are EASY to port to OS X but all spyware and viruses are HARD to port over? Again, I'm not a programmer, but I guess that's the point you're making. I couldn't say one way or the other.

At any rate, what's so PUNY about 12%? This entire thing is about wireless security which I'm assuming mostly affects laptops. Last time I checked, Apple had about 12% of the laptop market in the U.S. If you're looking to break into something, that's not a market that you'd totally ignore.

Posted by: Jeff C. | September 21, 2006 9:12 PM | Report abuse

Somehone who goes by the name of Charlie created a 'hate blog' with a title of "Why I hate Brian" has put his blog into 'maintenance mode'. Funny that his blog is no longer available. He is the guy that posted in this blog numerous times with comments on non-related articles on why Brian wouldn't give more information. I saved the entire thread on my system. ;)

Posted by: Charlie is dead | September 21, 2006 9:19 PM | Report abuse

Now that the facts are out (mostly), I'd like to give Brian credit where it is due. He stuck with his story and, aside from some details, was right in the end.

Today's article is nicely done. The comments from the guy at Apple help resolve a lot of the puzzling parts of this story. The security flaws exist; that's the main thing. I was beginning to wonder if we would ever hear about this again.

I'd be interested in hearing what Maynor has to say now and hope he comments. I still find the behavior of the SecureWorks guys puzzling at best and irresponsible at worst. If they had exploit code, they should have shared it with Apple.

Finally, I'd like to point out that this category of exploits affects machines of all stripes. Apple is now pushing out patches and the Software Update mechanism will get most everyone patched. The people who will remain vulnerable will be Windows users who don't get some automated patch for their third-party card.

Posted by: Thor | September 21, 2006 9:29 PM | Report abuse

Thor, I still don't feel that we have ANY answers that matter yet.

All we know is that Maynor/Ellch said they found a problem and we know that Apple fixed some problems.

Until Maynor/Ellch talk about this we have absolutely NO idea if these are the same problems or not. Maybe. Maybe not.

I don't feel like anything about this issue has been resolved until I can get that question answered one way or the other. Neither Brian nor Apple can answer it. Only Maynor/Ellch can say for sure. Let's hope they do.

Posted by: Jeff C. | September 21, 2006 9:31 PM | Report abuse

So hopefully we'll see an apology from wheezing fanboy John Grubor... oh wait, never.

Posted by: Doctor Memory | September 21, 2006 9:39 PM | Report abuse

Horace,

Apple is doing just fine keeping itself alive without help from Bill. And, by the way, Microsoft's Macintosh Business Unit makes Microsoft plenty of money.

Your assertion that Adobe is NOT working on software for Apple will come as big news to Adobe. Quite to the contrary, they have been busily converting the Mac version of their Creative Suite from a PowerPC to Universal Binary, which is a HUGE amount of work. Apple users are a sizeable and important portion of Adobe's customer base.

Posted by: Thor | September 21, 2006 9:40 PM | Report abuse

Huh? Nothing that Krebs reported on has been proven. Apple wasn't told what the flaw was, and like a responsible company, audited all relevant code. They found three potential *crashers*. These may be impossible crashers, as in the requirements to get to that section of code means it is impossible for the data to be invalid, but the added and error check "just in case".

The problem is now days everyone considers a crasher to be a security exploit, even if it can't be used to run any code.

But none of these are what the SecureWorks guys "reportedly" found. Either way, they definitely and without a doubt *lied* on that video. The device they attached was not a wireless device seen by the system at all.

Posted by: Rosyna | September 21, 2006 9:46 PM | Report abuse

Everyone is giving credit to BK, but the vulnerabilities fixed today are not those that were referred to by the original article. There is no relation between these vulnerabilities and the alleged vulnerability discovered by DM (except that the suposed exploit spurred Apple on to conduct an internal audit and find these).

I (and apparently the security team at Apple, from Apple's public comments) am still waiting to hear about DM's vulnerability.

Posted by: Bill | September 21, 2006 9:51 PM | Report abuse

Crashers? Are you high? What about the 'code execution' thingy they talked about.

OMG....i love it! MAC FANATIC!!!! Can you really get the truth from a fanatic?

Posted by: for Rosyna | September 21, 2006 9:53 PM | Report abuse

There is still a lot of truth that is going to come out. I suggest people wait a bit and see what happens. You have to admit, Apple releasing security updates to their wireless drivers is pretty incriminating. Mac 'fanatics' should hold their tounge a bit and see what comes out next.

When you post in this blog please put your real name so we can reflect on your greatness once this is all said and done. :)

Posted by: David Taylor | September 21, 2006 10:00 PM | Report abuse

C'mon, I'm really wanting to hate the Mac here. But you guys can't get it up, can you? The Mac really IS more secure, cheaper and more fun to use (not to mention more stable!) I am so glad I switched. Sorry Symantec, I don't need no stinkin' Norton Utilities or NAV on my Mac!

Posted by: hate | September 21, 2006 10:22 PM | Report abuse

pika

Posted by: pikachu | September 21, 2006 11:57 PM | Report abuse

well, I still hate Brian, and I've maintained that it's possible that Maynor/Ellch discovered something. However, Apple's announcement does not help the Krebster....yet. It's very possible the demo still used "shortcuts" to get it done, and what Krebster was reporting on was those shortcuts. I suspect we'll know soon.

Posted by: charlie is still alive | September 22, 2006 12:00 AM | Report abuse

This can't be the David Taylor from Penn State...

Posted by: Bob J | September 22, 2006 12:12 AM | Report abuse

I will give Maynor and Ellch all due credit.... once they finally prove they have an exploit. That is not a assumed just because of this patch.

On the other hand, the attention given this issue by Apple was at least partly due to their publicity stunt, so I'll give them half points for that.

Posted by: Show me the exploit | September 22, 2006 12:38 AM | Report abuse

Bob J?

Penn State? nope

And charlie! omg man. hahah...

"yet. It's very possible the demo still used "shortcuts" to get it done, and what Krebster was reporting on was those shortcuts. I suspect we'll know soon."

what on earth are you talking about 'shortcuts'? AHAHAHAHAHAH...OMFG
you buried your reputation with the blog you setup but this just takes the cake! SO FREAKING FUNNY!!! HAHAHAHHA

You DO NOT know what you are talking about and it is now clear to everyone on this blog. Thanks for stopping by! w00t! hehe

Posted by: David Taylor | September 22, 2006 12:40 AM | Report abuse

Ahh, feels like it was just yesterday when I left the following comment on this blog:

"Forget knowing nothing about security, sometimes I wonder if Mac zealots can even read. They're sure going to wind up with a lot of egg on their face when Apple ends up releasing a fix for this."

LMFAO, stupid Mac zealots. And double the yolk for John Gruber. ;)

Posted by: n00b | September 22, 2006 2:34 AM | Report abuse

Apple says: "they didn't supply us with any information to allow us to identify a specific problem. So we initiated our own internal product audit"

YOU MEAN THEY DIDN'T AUDIT IT THEMSELVES BEFORE THEN!???????

Apologies for yelling.

Posted by: No Freakin' Way | September 22, 2006 3:49 AM | Report abuse

quote:"Apple and SecureWorks still apparently differ over which side found the flaw and how exploitable it really is. But one thing now appears quite clear: The built-in wireless device drivers are indeed vulnerable to exploitation in a manner very similar to what Ellch and Maynor detailed in their presentation."

quote: Apple repeatedly said SecureWorks had informed the company of a wireless vulnerability in its products but had shared no code as evidence.

If they don't have the code, how did they run the demo?

Of course, DT and company will say Apple is lying. It's possible.

But the possibilty remains that "shortcucts" were taken with the demo, and Krebs failed to ask questions and got suckered.

Apple has consisently said -- no code was shared.

Also SecureWorks just annouced a merger today. No wonder why they've been so quiet. You going to report that, Brian?

Posted by: charlie is still alive | September 22, 2006 3:56 AM | Report abuse

Maynard and Elch claimed to have demonstrated there's a bug in the MacBook's wireless drivers.

On September 4th, Elch posted details. Note how he describes the bug:

"There is a race condition inside the centrino driver ... After many hours of staring at packet dumps I came to the conclusion that the bug wasn't related to specific bytes/ordering of the packets, but the relative times... The reason this bug takes two cards to exploit is that the race condition you are trying to win seems to be so small that a single card can't win it." http://it.slashdot.org/it/06/09/04/1534252.shtml

Compare that with the description Apple provides of the two bugs it found in the MacBook's wireless drivers.

CVE-ID: CVE-2006-3508 -- "A heap buffer overflow exists in the AirPort wireless driver's handling of scan cache updates. An attacker in local proximity may be able to trigger the overflow by injecting a maliciously-crafted frame into the wireless network."

CVE-ID: CVE-2006-3509 -- "An integer overflow exists in the Airport wireless driver's API for third-party wireless software. This could lead to a buffer overflow in such applications dependent upon API usage ... [A]n attacker in local proximity may be able to trigger an overflow by injecting a maliciously-crafted frame into the wireless network."

Notice Apple discovered a heap overflow and an integer overflow, not a race condition. The overflows can be exploited by a "maliciously crafted frame". That is, unlike the bug Maynard and Elch claimed to have demonstrated, these two ARE "related to specific bytes/orderings of the packets". And unlike the bug Maynard and Elch claimed to have demonstrated, these two are NOT related to "relative times". Thus, unlike the bug Maynard and Elch claimed to have demonstrated, these two can be exploited WITHOUT using a second card.

So much for the claim that Maynard and Elch have been vindicated by Apple's Security Update.

What about Brain Krebs?

After pointing out that Apple released a patch for wireless drivers, he says "I first wrote about THIS issue [emphasis added] ... roughly two months ago". He did not. He wrote about a purported bug that, as we now know thanks to Elch, and as Brian Krebs ought to have known, involves a race condition, not a heap or integer overflow.

Krebs goes on to say "Apple and SecureWorks still apparently differ over which side found THE flaw [emphasis added] and how exploitable it really is. But one thing now appears quite clear: The built-in wireless device drivers are indeed vulnerable to exploitation in a manner very similar to what Elch and Maynard detailed in their presentation."

How could Krebs think so if he read Apple's advisories and kept up with whatever public disclosures Maynard and Elch decided to make?

If he didn't read the advisories or missed Elch's public statement, he's either lazy or sloppy or both. If he didn't understand them, he's incompetent. If he did read and understand them, he's a prevaricating. Are there any possibilities I've left out?

As for Maynard and Elch, we still have no independently verifiable evidence of their claim. Maybe they'll provide that kind of evidence tomorrow, or the next day, or maybe next week or next month or next year. Then again, maybe they'll never provide that kind of evidence. Maybe once enough time passes people will forget the bold claim they made, to much fanfare, but without any evidence that can be independently confirmed.

I mean, after all, it's not like Brian Kerbs is ever going to call them on it.

Posted by: Blinded by Disinterest | September 22, 2006 4:13 AM | Report abuse

Blinded by Disinterest:

I am somewhat puzzled why you make refrence to the intel bug. That was a bug Jon Ellch released to show that bugs in drivers were real, but it only affects windows?

Posted by: Dave | September 22, 2006 8:21 AM | Report abuse

Ok, folks, it's not over. Like the man said, "It's not over till the fat lady sings." Or like the famous ball player noted. "It's not over till it's over."

So what do we know?

We know that Apple has released a patch for a couple of vulnerabilities on a number of their wireless systems, and, thanks to "Blinded by Disinterest", we know that they are not the same type of vulnerability reported by M & E.

Close, but no cigar.

We also know that quite a few of the Microsofties (thanks, dude, I like that term!) don't really read anything that has the word "Apple" in the headlines. They read the words "Apple" and "Patch" and "wireless" and jump immediately to their favorite conclusion: Apple is finally as vulnerable as Windows!

Sorry, folks, you might want to go over to Macworld and read their article about this:

http://www.macworld.com/news/2006/09/21/wireless/index.php

It's a really good read, and covers the story quite well, much better than Krebs did. At least they got the number of vulnerabilites right.

I said it then, and I'll say it now: Maynor and Company fudged their demo. Krebs got taken in on how they did it. Why else would they NOT bother to answer his repeated requests for information?

Notice I didn't say then nor could I say now that there isn't a vulnerability. I'm saying that Maynor couldn't demonstrate it, and had to alter the MacBook to try a demo. Krebs didn't ask the right questions to expose the fake attack, and knows it but won't own up to not asking the hard questions he should have.

Gruber won't apologize, because he has nothing to apologize for. He was another one that never said that there wasn't a vulnerability, but that the demo didn't demonstrate one. Show us one, and we'll admit you're right, he said. He even put his $$$ where his mouth was, but nobody took him up on it. Now we know why.

I'll say it again. Nobody with any sense will say that the Mac OS isn't vulnerable. But as noted above, fully patched Macs are safer than PCs, and, even tho there may be more announced vulnerabilities on Milw0rm, that doesn't mean there is actual exploit code for them.

Look, people watch this stuff closely, and especially regarding Apple. If there really WAS an exploit that could target a fully patched Mac, dontcha think we'd have heard about it?

Post a cite for such a RECENTLY announced exploit here, so we can see it. Don't just spout your OPINION.

Posted by: rahrens | September 22, 2006 8:43 AM | Report abuse

Now that the patch is publicly available, rest assured that there will be exploit code written for the vulns it fixes. That is, if such is not arleady available. If Mac users are complacent with security, they will be targets, and thier systems can be expolited. The existance of a vulnerability this severe and the issuance of patch are proof that Mac users are not as immune to security issues, as their marketing may lead you to believe.

Posted by: Tim B | September 22, 2006 9:38 AM | Report abuse

The comments from the Mac vs PC crowd is really childish. You like Mac's or PC's and you get your work done. Mac are not cheap and serious Mac user pay dearly for using Macs. PC's are cheaper and help people that cannot afford computers get into technology. When companies like Microsoft get big people want to bring them down. When Apple gets bigger the hackers will go after them. Safety is relative and it just a matter of time for any code or equipment. Security is big business and without hackers, the business would not be very good. Of course all code contains mistakes it was created by humans. So stop all this nonsense and contribute your time to help someone in a positive light. Give someone a smile today.
;-)

Posted by: MsFixIt | September 22, 2006 11:08 AM | Report abuse

You Windiots missed this part of the Krebster's blog:
"Apple spokesman Anuj Nayar maintains that the company is not aware of any exploit code available to attack these flaws, and that SecureWorks to this day has not shared a working demonstration of how to exploit them.

"Basically, what happened is SecureWorks approached Apple with a potential flaw that they felt would affec tthe wireless drivers on Macs, but they didn't supply us with any information to allow us to identify a specific problem. So we initiated our own internal product audit, and in the course of doing so found these flaws."

I called SecureWorks and Maynor but haven't heard back from either so far. I will update the blog as more of this unfolds."

So the hack did not prove anything.

Posted by: FactChecker | September 22, 2006 11:57 AM | Report abuse

"As any technophile can tell you, the best technology doesn't always become the dominant one. Just ask fans of the Macintosh, Minidisc or Betamax." - NY Times, David Pogue, 9/21/06

"In one of the strangest conjunctions of bad luck in the history of high tech, one of the world's largest industries -- personal computers -- suddenly seems up for grabs." Michael S. Malone, ABC News.

"...Mac Pro and 64-bit iMacs, and soon, 64-bit MacBook Pro and Xserve, will create mayhem in the PC market because Microsoft and Intel PC makers never staffed or strategized for user-focused innovation." Tom Yager, InfoWorld

"...the most compelling argument for taking a Mac to school is the enormous headache you'll avoid by not having to worry about viruses or spyware. This Windows plague is still not an issue under Mac OS X, a point that I think many virus-weary Windows users have a hard time believing." The Seattle Times [right under Microsoft's nose], Jeff Carlson

"FOR MAINSTREAM computer users doing typical tasks, Apple Computer's Macintosh models have huge advantages over the prevalent Windows computers from companies such as Dell and Hewlett-Packard. The Macs have sleeker hardware designs, a superior operating system, much better built-in software, and virtually no exposure to viruses and spyware. Apple's flagship model, the iMac, is the best consumer desktop on the market. Whether you want to run Mac or Windows programs, an Apple computer may be the only computer you'll need." Walter Mossberg, The Wall Street Journal

Posted by: WhitIV | September 22, 2006 2:29 PM | Report abuse

To those arguign that Apple claims there are no known exploits... Maynord has one working exploit and released enough information and methodology at BlackHat and DEFCON (which I attended) for other hackers to also find and exploit the flaws. The statement that there are no *known* exploits is questionable. Besides, not all hackers/researchers release working exploits once they have developed them! Out-of-the-box, a Mac tends to be more secure than a Windows system; however, that doesn't mean impenetrable. If you really want to get serious about it, OpenBSD is the only OS that can boast "Only one remote hole in the default install, in more than 8 years!".

Posted by: Ben | September 22, 2006 4:23 PM | Report abuse

Dave,

Maynard and Elch claimed to have demonstrated a bug in the wireless driver on an Apple MacBook. That's a laptop computer running Mac OS X with "Intel Inside". (Apple has recently completed its year-long transition from PPC to Intel processors.)

Elch's description of the bug (see the link in my earlier post) doesn't mention Windows at all.

If that's not an answer to your question you might be thinking "Hey, wait a minute. If it's a bug that's Intel-specific but it doesn't affect OS X, does that mean it only affects Windows?"

Unfortunately, no one has any idea whether Maynard and Elch have discovered ANY bug whatsoever. Hence no one is in any position to say whether the purported bug can be exploited only on OS X or only on Windows, on both OS X and Windows, etc, etc.

Usually if a security expert finds a bug and claims it can be exploited, that means they've written code to demonstrate the exploit. It's often called "proof of concept" code because without it there's no proof an exploit exists.

So-called "Responsible" experts (that is, conservative, in a purely descriptive and non-pejorative sense) will notify the vendor and pass along the proof of concept code so the vendor knows the exploit is real and can get to work on fixing the bug being exploited. Sometimes, if a vendor doesn't fix the problem within a certain period of time, a security export will make the exploit public by posting the code, thereby putting pressure on the vendor to get moving more quickly. And in some cases a security export will publicly post the proof of concept code the minute they finish writing it, so users will know ASAP that the exploit is real, thereby putting them in a position to take precautions.

Maynard and Elch claimed that, as of August 2nd, they had finished writing code to prove the exploit exists. And they claim to be particularly "responsible" about disclosing exploits privately with vendors so they can fix whatever's broken.

But curiously, they haven't shown the code to Apple, or to anyone else for that matter. In fact, Maynard and his employer refuse to make any comment on the original claim.

Question: Why haven't they provided the code that would allow their claim to be substantiated? That would only benefit their professional reputations. And it would be big boost for their careers.

Consider two hypotheses:

(A) They were speaking truthfully on August 2nd when they claimed to have finished the development of proof of concept code.

(B) They were speaking ... "less than truthfully".

Now ask yourself which hypotheses does as better job explaining the data.

What do you think?

Posted by: Blinded by Disinterest | September 22, 2006 8:11 PM | Report abuse

The above entry was edited to correct the number of vulnerabilities fixed, which was three (there are of course only three separate CVE numbers associated with these three patches. I think I got tripped up on Apple's description with the first patch -- CVE-2006-3507 -- which said "two separate stack buffer overflows exist in the AirPort wireless driver's handling of malformed frames."

Posted by: Bk | September 22, 2006 10:23 PM | Report abuse

Umm, Krebster, you actually still haven't corrected your story.

"In an advisory, Apple said flaws exist in the Airport wireless device drivers included in the Macbook Pro and other Mac products. The company said the flaws could be exploited by attackers to compromise a vulnerable system remotely just by having the wireless devices turned on and in range of the attacker.

According to Apple, the flaws are present in Power Mac, PowerBook, iMac, Mac Pro, Xserve, and PowerPC-based Mac mini computers equipped with wireless. Apple says Intel-based Mac mini, MacBook, and MacBook Pro computers are not affected."

There are actually three patches: two are patching the airport drivers in PPC (Broadcom) and Intel (Atheros) mac, and the third is for "the Airport wireless driver's API for third-party wireless software." only in MacBooks, MacBook Pro, and intel MacMinis.

Posted by: Charlie | September 23, 2006 2:17 PM | Report abuse

Nice try Krebs.

"Apple says Intel-based Mac mini, MacBook, and MacBook Pro computers are not affected.

I first wrote about this issue at the Black Hat hacker conference in Las Vegas roughly two months ago..."

And what was the title of that article two months ago? Was it, "Bin Ladin Determined to strike in the US?" Nope, it was "Hijacking a Macbook in 60 Seconds or Less".

The fix Apple found does not affect the MacBook. Whatever you claim to have seen at Black Hat is completely unrelated to this patch. Your initial article is still complete sensationalist unsubstantiated crap.

Posted by: uh | September 23, 2006 9:10 PM | Report abuse

Uh ... "Apple said flaws exist in the Airport wireless device drivers included in the Macbook Pro and other Mac products. ... "Apple says Intel-based Mac mini, MacBook, and MacBook Pro computers are not affected." See, it says "Intel-based." Reading comprehension, folks.

Posted by: poster | September 23, 2006 10:17 PM | Report abuse

From Apple's advisory:

CVE-ID: CVE-2006-3508: This issue affects Intel-based Mac mini, MacBook, and MacBook Pro computers equipped with wireless.

CVE-ID: CVE-2006-3509: This issue affects Intel-based Mac mini, MacBook, and MacBook Pro computers equipped with wireless.

Posted by: seriously | September 23, 2006 11:23 PM | Report abuse

Blinded by Disinterest,

that's nice and all, but Apple doesn't use the centrino chipset. And therefore does not use intel hardware for thier wireless chipset. so these people talking about intel/centrino bugs have nothing at all to do with the MacBook as that hardware doesn't exist inside them.

Posted by: rosyna | September 23, 2006 11:53 PM | Report abuse

All I know is that IMMEDIATELY after installing 10.4.7 on my Pismo 400 (1 gb ram,10gb toshiba hd) my airport (original grey unit) started going south!!! It keeps dropping connections to my network that had been rock solid the last 4 years...The only problems were when the Verizon DSL was messed up. The TCP/IP values disappear and it takes me almost forever to get a connection restored..I click the lock to prevent changes but it never holds...Could this problem be due to this "glitch" under discussion? I am at wits end...This does not happen to my imac on the same network..Only difference is that I haven't installed 10.4.7 on the imac...HELP!!!!

Posted by: Mike K | September 25, 2006 5:20 PM | Report abuse

Horace Sense wrote:

"All Adobe executables are PEF binaries. Not a one
of them is Mach-O which is the only native format for OS X."

$ find /usr/local/Adobe/Acrobat7.0 -type f -exec file {} \; | grep ELF | wc -l
39

$ find /usr/local/Adobe/Acrobat7.0 -type f -exec file {} \; | grep -i shell | wc -l
3

ELF are Linux binaries and for my version of Adobe there are 29 of them. The 3 shell scripts will run on either Linux or Macs. Think of shell scripts as something like Windows scripting (batch), but they are infinitely more powerful.

Don't claim that is a really old version of Adobe and they won't make a newer version for Linux any time soon. It is probably over a year old and I haven't updated it. With ggv and gpdf I didn't see the need to. Having said that, it does integrate well in the browser where you have Adobe fill-in forms which is why I downloaded it. I never saw any compelling need to update it.

Linux has an even punier market share than Mac has. What is baffling is why Microsoft and Microsoft devotees keep bashing Linux. If Adobe takes Linux seriously enough to provide their reader for it, I am quite certain they will take a Mac which has greater market share seriously enough to provide all of their products for it.

If you don't like a Mac, fine. Don't use one. If you are happy with your Mac, fine. Continue to use it.

So, Horace Sense, get some horse sense. I am quite sure that Adobe makes ALL of their products available for the Mac.

Posted by: hhhobbit | October 1, 2006 11:56 PM | Report abuse

I sometimes feel uneasy about the sheer volume of viruses (not spyware, hijackers etc)which appear weekly and the related question of who writes them.

Fact: we know that Win*** type anti-infection tools (as found on Google) deliberately create malware. They are very succesful criminal conspiracies: so programmers are available and willing to work with crooks. But the worrying symbiosis between large respectable AV companies and the viruses themselves seems impossible to research.

The strongest argument against the possibility that people might be creating viruses with the primary purpose of sustaining anti-virus companies is that somebody would have blown the whistle by now. Agreed. On the other hand the argument is also made that there are so many lonely geeks out there doing it for love - remember I'm talking viruses not scamming - that there is no need for market
stimulation.

Now the crux: if most virus
creators are acned geeks with a need to try and outwit the world why haven't they attacked Apple on any scale? On the geek theory there should be more attempts on Apple because of the challenge. But there aren't. And on the other hand the argument is offered that there are so many Windows
machines that it's not (presumably financially) worthwhile. But - again we're talking viruses only - that contradicts the geek theory!

I can assure you I'm not a conspiracy theorist but we need some more research on the history, job background etc of detected virus creators.

Posted by: John Blacksmith | October 3, 2006 10:50 AM | Report abuse

Great work!
[url=http://amyqgbcs.com/hcuh/cmxq.html]My homepage[/url] | [url=http://lofbqdxl.com/bbop/yiwn.html]Cool site[/url]

Posted by: Keith | October 13, 2006 4:00 PM | Report abuse

Posted by: Debbie | October 13, 2006 4:02 PM | Report abuse

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company