Metasploit founder HD Moore has released an exploit for an unpatched vulnerability in the Apple Airport driver that ships with some PowerBook and iMac computers. Moore said the exploit is not related to the Wi-Fi driver flaws discovered and discussed in Aug. 2006 by researchers David Maynor and Jon Ellch at the Black Hat Briefings. Moore, who is collaborating with Ellch on Wi-Fi flaw research, named the exploit after Daring Fireball, a Mac blogger who doubted the Black Hat findings and issued a public challenge to Ellch and Maynor.
did i hear a security-bubble burst?
http://www.microsoft.com/technet/security/bulletin/ms06-oct.mspx
6 critical last month from microsoft..
the bubble isn't gone just yet
Your point? The fact is that Apple’s “invulnerability” illusion is being destroyed.
Let’s see OSX deal with Security when they expose OSX to the world via the PPC->Intel switch
“Let’s see OSX deal with Security when they expose OSX to the world via the PPC->Intel switch”
Just before you start frothing at the mouth too much, it appears to imply that this doesn’t affect Intel models at all:
“Moore’s exploit, available here, targets a remote memory corruption flaw that affects the Apple Airport driver provided with Orinoco-based Airport cards (1999-2003 PowerBooks and iMacs).”
i never said apple were invulnerable, but such things have to be kept in perspective.
one flaw in osx is heavily publicised because of its rarity, the point we have to worry is when the flaws become so common it isn't worth reporting!!
Aaah, that old Apple trick ….
“Someone’s found a problem! Quick! Throw something out there to distract people!”
“did i hear a security-bubble burst?”
Did I hear another reference to Artie MacStrawman?
http://www.crazyapplerumors.com/?p=664
A (funny) summary of the wireless hack saga:
http://www.crazyapplerumors.com/?p=665
(strangely no, the part about the lit cigarette in the eye was not made up)
No, but I did see someone jump to a huge conclusion.
POP!
NooooooooOooooOOoooo!
I was so much more secure before someone discovered an exploitable bug in a driver for some hardware I don’t even have!
Now what am I going to do?!!
My mac is going to fill up with viruses and malware faster than I can click “Turn Airport off”!!!
Bring back my invulnerabubble security bubble before I drown in an ocean of crapware!
Damn it, why didn’t I buy a Windows machine, at least then I could rely on good old Microsoft to protect me, and not just some “security bubble” that pops as soon as a 5 year old network card driver gets hacked!
Yay? We found a security hole in wireless cards that were shipped between 1999-2003 … and that affects current customers how?
It affects people who bought a Mac between 1999 and 2003, and still use it.
Do you think that everyone threw away their iBooks and Powerbooks the moment Intel notebooks from Apple became available?
My Mac is from 2002 and it came with wireless card, so I guess I would be affected. I won’t lose any sleep over it, though.
The orinoco drivers are for the original Airport 802.11b wireless cards. The later Airport Extreme ones are based on Broadcom’s chipset. I know the difference, because I tried getting Linux working on my macs and the orinoco drivers do not work with any of the Airport Extreme cards, only Airport.
Bottom line is, this exploit doesn’t affect you if you’re using Airport Extreme.
“and that affects current customers how?”
Yea, I’m sure there’s absolutely no-one who still uses a computer that’s 3 years old….
“Yea, I’m sure there’s absolutely no-one who still uses a computer that’s 3 years old….”
Even 6 year old Macs tend to work just fine and Mac OS X has become more efficient over the years, so yes, plenty of people are still using those computers.
Also, consider that the print and advertising industry does not feel the need to move constantly. You’ll still find people submitting files for Quark XPress 4.11, Illustrator 7, and the like. Some print houses haven’t upgraded simply because most of their clients are still on Mac OS 9. Of course, they’re less likely to use a wireless network, too.
Well it affects me!
I bought my Powerbook in 2002 …
I believe the point of this oft-downmodded post was to point out that this proves nothing. All of the recent drama about Macs having greater security has been a reaction to the increasing popularity and sales of new machines, thus the whole farce about MacBook wireless exploits. Now that there is a wifi exploit that actually exists, little though it may do, it’s still no substantial reason for potential buyers to be afraid, so why should the Anti-Mac Players make a show out of it? To make it look like something it isn’t: a problem with current Macs.
Call the parent off topic if you like, but I sincerely doubt it ever intended to imply that no one was using a machine from 2003, just that no one was buying them from their nearest Apple Store, so what’s the agenda?
Nothing will ever be 100% secure or bug free, but I do believe that Apple’s patch time is relatively quick, which is what counts.
“but I do believe that Apple’s patch time is relatively quick, which is what counts.”
Nah, what counts is how quickly people apply those patches, or if they apply them at all. It’s just like Firefox .. they’re usually pretty quick to patch bugs, but most (all?) of their patches come in the form of minor version upgrades. And even I don’t apply those patches immediately, even when I am prompted to do so via the auto update. Often times, when I’m in the middle of something, it’s just more convenient to hit the ‘Remind me later’ button and deal with it tomorrow. And then tomorrow, the process starts all over again
Edited 2006-11-02 02:10
Well the rule is the same for Apple as it is for MS; if they release a patch and you ignore it, then that really isn’t their fault.
You will find security flaws in ANY OS and I don’t care who makes it. There is no bubble bursting though (as I don’t think there IS a bubble). Sorry for you Mac haters.
It’s always important to make certain that the machines are secure. If it’s true, Apple had better get to solving the problem. If it’s already been patched, it seems as though someone wasted his time writing the exploit.
In other news, what’s this about the new virus that disables the WinXP SP2 firewall?
Too many people are concerned about causing problems for other people. They should be looking for a legitimate job.
Things should be clear about:
– This vulnerability only affects Macs that use an Orinoco-based Airport card, so computers that use Airport Extreme cards are not affected. And that means affected Macs are those sold between 1999 and 2003. So by definition it does not affect Intel Macs, or whatever Mac sold after 2003.
– According to Moore, right now the exploit triggers a kernel panic; he has not succeeded in producing remote code execution so far, but he thinks that it might be possible to achieve that.
– Also it seems that the exploit only works if the Airport card is in active scanning mode. So it may reduce the chance of a successful attack.
Moore, who is collaborating with Ellch on Wi-Fi flaw research, named the exploit after Daring Fireball, a Mac blogger who doubted the Black Hat findings and issued a public challenge to Ellch and Maynor. “Normally I wouldn’t sink to this level but, damn it, it’s funny,” Moore said of his taunt to Daring Fireball.
From the same article: “Moore said the exploit is not related to the Wi-Fi driver flaws discovered and discussed in Aug. 2006 by researchers David Maynor and Jon “Johnny Cache” Ellch at the Black Hat Briefings.”, so in what way does this imply that “Johnny Cache”‘s supposed exploit (never released) *did* work?
I bet in your life you have never found any flaw or done kernel mode programming. That’s why you sit on your ass here and doubt others….
You are a laaaaaaamerrrrrr
Wow, after a comment like that you *have* to post your CV and a code-portfolio so that we can evaluate your work.
You sound like a really impressive kernel engineer.
it’s a proof of concept
No one’s exploited it. I imagine if a made manhunt was made to find *possible* exploits in four year old windows drivers what would be found.
This just proves what we already know: NOTHING is 100% secure.
Why is it when even a possible exploit is discovered on Mac or Linux or BSD it’s front page news but when ACTUAL windows exploits are being used everyday no one cares?
When Apple feels the need to ship OS X with Norton or McAfee comes included with Linux distro’s, we’ll talk again. But until such a day . . . wake me when there is real news.
“Why is it when even a possible exploit is discovered on Mac or Linux or BSD it’s front page news but when ACTUAL windows exploits are being used everyday no one cares?”
Because Windows fanboys like to pretend that 1 or even 10 OS X or Linux security patches every so often is the same as Windows’ thousands?
Remember when Microsoft was counting every single vulnerability in the same version of a given program on every distro as a different vulnerability? If we did that with every Windows version (and I’m sure there are vulnerabilities that have existed in Windows since NT 3.1 or even Win3.1 till the present day), you’d probably have to build a supercomputer just to calculate the number of Windows vulnerabilities.
And since that takes a long time, it would more likely run Linux than Windows.
I can see why this was voted down
Whether it currently affects nobody is irrelevant to the issue of the fact that a vulnerability exists. An exploit WILL emerge in the wild. It’s just a matter of when.
So, even if the threat had materialized, it all would come down to how open your WiFi LAN is to possible intruders.
whoah! an exploit for cards that were sold for the last time in 2003. We should be really scared now!
http://blog.washingtonpost.com/securityfix/2006/11/exploit_released…