Metasploit founder HD Moore has released an exploit for an unpatched vulnerability in the Apple Airport driver that ships with some PowerBook and iMac computers. Moore said the exploit is not related to the Wi-Fi driver flaws discovered and discussed in Aug. 2006 by researchers David Maynor and Jon Ellch at the Black Hat Briefings. Moore, who is collaborating with Ellch on Wi-Fi flaw research, named the exploit after Daring Fireball, a Mac blogger who doubted the Black Hat findings and issued a public challenge to Ellch and Maynor.
Post a Comment
Member since:
2005-07-06
Member since:2005-07-06
http://www.microsoft.com/technet/security/bulletin/ms06-oct.mspx
6 critical last month from microstoft..
the bubble isnt gone just yet
Member since:2005-11-29
Member since:2006-06-13
"et's see OSX deal with Security when they expose OSX to the world via the PPC->Intel switch"
Just before you start frothing at the mouth too much, it appears to imply that this doesn't affect Intel models at all:
"Moore's exploit, available here, targets a remote memory corruption flaw that affects the Apple Airport driver provided with Orinoco-based Airport cards (1999-2003 PowerBooks and iMacs)."
Member since:2005-07-06
Member since:2006-06-24
Member since:2005-11-06
did i hear a security-bubble burst?
Did I hear another reference to Artie MacStrawman?
http://www.crazyapplerumors.com/?p=664
A (funny) summary of the wireless hack saga:
http://www.crazyapplerumors.com/?p=665
(strangely no, the part about the lit cigarette in the eye was not made up)
Member since:2005-11-10
Member since:2006-01-11
POP!
NooooooooOooooOOoooo!
I was so much more secure before someone discovered an exploitable bug in a driver for some hardware I don't even have!
Now what am I going to do?!!
My mac is going to fill up with viruses and malware faster than I can click "Turn Airport off"!!!
Bring back my invulnerabubble security bubble before I drown in an ocean of crapware!
Damn it, why didn't I buy a Windows machine, at least then I could rely on good old Microsoft to protect me, and not just some "security bubble" that pops as soon a 5 year old network card driver gets hacked!.
Member since:2005-07-06
Member since:2006-07-04
Member since:2005-07-07
The orinoco drivers are for the original Airport 802.11b wireless cards. The later Airport Extreme ones are based on Broadcoms chipset. I know the difference, because I tried getting Linux working on my macs and the orinoco drivers do not work with any of the Airport Extreme cards, only Airport.
Bottom line is, this exploit doesn't affect you if you're using Airport Extreme.
Member since:2005-08-18
Member since:2006-01-23
Yea, I'm sure there's absolutely no-one who still uses a computer that's 3 years old....
Even 6 year old Macs tend to work just fine and Mac OS X has become more efficient over the years, so yes, plenty of people are still using those computers.
Also, consider that the print and advertising industry does not feel the need to move constantly. You'll still find people submitting files for Quark XPress 4.11, Illustrator 7, and the like. Some print houses haven't upgraded simply because most of their clients are still on Mac OS 9. Of course, they're less likely to use a wireless network, too.
Member since:2006-06-24
Member since:2006-03-12
I believe the point of this oft-downmodded post was to point out that this proves nothing. All of the recent drama about Macs having greater security have been a reaction to the increasing popularity and sales of new machines, thus the whole farce about MacBook wireless exploits. Now that there is a wifi exploit that actually exists, little though it may do, it's still no substantial reason for potential buyers to be afraid, so why should the Anti-Mac Players make a show out of it? To make it look like something it isn't: a problem with current Macs.
Call the parent off topic if you like, but I sincerely doubt it ever intended to imply that no one was using a machine from 2003, just that no one was buying them from their nearest Apple Store, so what's the agenda?
Member since:
2006-02-01
Member since:2005-11-13
but I do believe that Apples patch time is relatively quick, which is what counts.
Nah, what counts is how quickly people apply those patches, or if they apply them at all. It's just like Firefox .. they're usually pretty quick to patch bugs, but most (all?) of their patches come in the form of minor version upgrades. And even I don't apply those patches immediately, even when I am prompted to do so via the auto update. Often times, when I'm in the middle of something, it's just more convenient to hit the 'Remind me later' button and deal with it tomorrow. And then tomorrow, the process starts all over again 
Edited 2006-11-02 02:10
Member since:2006-06-24
Member since:
2006-01-03
Member since:
2006-01-23
It's always important to make certain that the machines are secure. If it's true, Apple had better get to solving the problem. If it's already been patched, it seems as though someone wasted his time writing the exploit.
In other news, what's this about the new virus that disables the WinXP SP2 firewall?
Too many people are concerned about causing problems for other people. They should be looking for a legitimate job.
Member since:
2005-11-16
Things should be clear about:
- This vulnerability only affects macs that use Orinoco based Airport card, so computers that use Aiport Extrem cards are not affected. And that means affected macs are those sold between 1999 and 2003. So by definition it does not affect intel macs, or what whatever mac sold after 2003.
- Accordind to Moore, right now the exploit triggers a kernel panic, he has did not succeed to produce a remote code execution so far, but he thinks that it might be possible to achieve that.
-Also it seems that the explit only works if the Airport card is in active scanning mode. So it may reduce the chance of succesful attack.
Member since:
2005-11-06
Moore, who is collaborating with Ellch on Wi-Fi flaw research, named the exploit after Daring Fireball, a Mac blogger who doubted the Black Hat findings and issued a public challenge to Ellch and Maynor. "Normally I wouldn't sink to this level but, damn it, it's funny," Moore said of his taunt to Daring Fireball.
From the same article: "Moore said the exploit is not related to the Wi-Fi driver flaws discovered and discussed in Aug. 2006 by researchers David Maynor and Jon "Johnny Cache" Ellch at the Black Hat Briefings.", so in what way does this imply that "Johnny Cache"'s supposed exploit (never released) *did* work?
RE: Still *no* proof Johnny Cache had what he claimed
Member since:2006-01-11
Member since:
2006-01-24
it's a proof of concept
No one's exploited it. I imagine if a made manhunt was made to find *possible* exploits in four year old windows drivers what would be found.
This just proves what we already know: NOTHING is 100% secure.
Why is it when even a possible exploit is discovered on Mac or Linux or BSD it's front page news but when ACTUAL windows exploits are being used everyday no one cares?
When Apple feels the need to ship OS X with Norton or McAfee comes included with Linux distro's, we'll talk again. But until such a day . . . wake me when there is real news.
Member since:2006-04-21
Why is it when even a possible exploit is discovered on Mac or Linux or BSD it's front page news but when ACTUAL windows exploits are being used everyday no one cares?
Because Windows fanboys like to pretend that 1 or even 10 OS X or Linux security patches every so often is the same as Windows' thousands?
Remember when Microsoft was counting every single vulnerability in the same version of a given program on every distro as a different vulnerability? If we did that with every Windows version (and I'm sure there are vulnerabilities that have existed in Windows since NT 3.1 or even Win3.1 till the present day), you'd probably have to build a supercomputer just to calculate the number of Windows vulnerabilities.
And since that takes a long time, it would more likely run Linux than Windows.
Member since:2005-08-11
Member since:2006-01-06
Member since:
2006-07-18
