Apple Patches AirPort WiFi Flaw

Originally disclosed in November on the "Month of Kernel Bugs" blog, the plug is the second fix the Mac maker has released this week. According to the Apple alert, the update corrects a vulnerability that affects the Mac OS X client and server versions 10.4.8.

The problem involves the company's Intel-based CoreDuo systems equipped with wireless functionality, including the Mac mini, MacBook and MacBook Pro, the alert said. Other systems, including versions of the Core 2 Duo, have not been affected.

Flying Bug

The bug affects the way that the AirPort Extreme driver handles wireless frames. The Apple alert asserts that an out-of-bounds memory read could occur as a result and that the impact of an attack on a wireless system could cause system crashes.

"An attacker in local proximity may be able to trigger a system crash by sending a maliciously-crafted frame to an affected system," the alert stated. The vulnerability was patched "by performing additional validation of wireless frames."

The AirPort flaw is particularly pernicious, said Gartner (NYSE: IT) analyst Rich Mogull, because an attacker need only be within the wireless signal range and send the victim a wireless packet.

"It depends on the wireless range, but typically it's the kind of thing where if you're at an airport, a conference or an Internet cafe, those are the areas we would expect you to be at risk for this," Mogull explained.

WiFi Woes

Over the past six months, security researchers have unearthed a series of problems with Apple's WiFi functionality. The first came last August at the Black Hat security conference in Las Vegas. Software built into wireless networking hardware, which enables the device to communicate with a computer's operating system, could be exploited, revealed SecureWorks researchers David Maynor and Jon Ellch.

A hacker , they said, would only need to be within range of a WiFi signal, about 100 feet, to launch an attack using a rootkit that allowed them gain control of the system. Once in control, they were able to access passwords, bank accounts and other private information as well as create, read and delete other files stored on the computer. The flaw, they said, was common in both laptops and desktop computers.

Similar flaws existed in systems using Microsoft (Nasdaq: MSFT) Windows and Linux open source operating systems, the pair stated, though the video demonstration they presented used a MacBook the show how the vulnerability could be exploited.

Remote Memory Corruption

In November, H.D. Moore, director of security research for BreakingPoint Systems, released computer code demonstrating how hackers could exploit an unpatched flaw in Apple's first generation of AirPort-enabled Macs.

Powerbooks and iMacs manufactured between 1999 and 2003 are vulnerable to a "remote memory corruption" flaw in the driver. When placed in scanning mode, a malformed probe response frame could be used to corrupt internal kernel structures (which handle information transfers between a system's hardware and software), and lead to a heap buffer overflow and the execution of arbitrary code.

The creator of "Month of Kernel Bugs" blog, known only as "LMH," lead off his 30 days of kernel bugs with the remote memory corruption flaw. On November 30, LMH wrapped up the month with the second AirPort bug. With the release of this most recent patch, Apple has issued fixes for all the aforementioned vulnerabilities, as well as others that Apple discovered, Mogull said.

"There have been a series of moderately serious flaws on Apple's wireless network," said Mogull "These are absolutely something people need to deploy right away."