Linked by Thom Holwerda on Wed 1st Nov 2006 22:43 UTC
Mac OS X
Metasploit founder HD Moore has released an exploit for an unpatched vulnerability in the Apple Airport driver that ships with some PowerBook and iMac computers. Moore said the exploit is not related to the Wi-Fi driver flaws discovered and discussed in Aug. 2006 by researchers David Maynor and Jon Ellch at the Black Hat Briefings. Moore, who is collaborating with Ellch on Wi-Fi flaw research, named the exploit after Daring Fireball, a Mac blogger who doubted the Black Hat findings and issued a public challenge to Ellch and Maynor.
...
by smashIt on Wed 1st Nov 2006 23:29 UTC
smashIt
Member since:
2005-07-06

Did I hear a security-bubble burst?

Reply Score: 4

RE: ...
by Adurbe on Thu 2nd Nov 2006 00:08 UTC in reply to "..."
Adurbe Member since:
2005-07-06

http://www.microsoft.com/technet/security/bulletin/ms06-oct.mspx

6 critical last month from Microsoft..

the bubble isn't gone just yet

Reply Score: 1

RE[2]: ...
by Nelson on Thu 2nd Nov 2006 00:15 UTC in reply to "RE: ..."
Nelson Member since:
2005-11-29

Your point? The fact is that Apple's "invulnerability" illusion is being destroyed.

Let's see OSX deal with Security when they expose OSX to the world via the PPC->Intel switch

Reply Score: 4

RE[3]: ...
by zetsurin on Thu 2nd Nov 2006 00:18 UTC in reply to "RE[2]: ..."
zetsurin Member since:
2006-06-13

"Let's see OSX deal with Security when they expose OSX to the world via the PPC->Intel switch"

Just before you start frothing at the mouth too much, it appears to imply that this doesn't affect Intel models at all:

"Moore's exploit, available here, targets a remote memory corruption flaw that affects the Apple Airport driver provided with Orinoco-based Airport cards (1999-2003 PowerBooks and iMacs)."

Reply Score: 4

RE[3]: ...
by Adurbe on Thu 2nd Nov 2006 16:13 UTC in reply to "RE[2]: ..."
Adurbe Member since:
2005-07-06

I never said Apple were invulnerable, but such things have to be kept in perspective.

One flaw in OSX is heavily publicised because of its rarity, the point we have to worry is when the flaws become so common it isn't worth reporting!!

Reply Score: 3

RE[2]: ...
by Rayz on Thu 2nd Nov 2006 06:20 UTC in reply to "RE: ..."
Rayz Member since:
2006-06-24

Aaah, that old Apple trick ....

"Someone's found a problem! Quick! Throw something out there to distract people!"

Reply Score: 2

RE: ...
by PowerMacX on Thu 2nd Nov 2006 03:18 UTC in reply to "..."
PowerMacX Member since:
2005-11-06

"Did I hear a security-bubble burst?"

Did I hear another reference to Artie MacStrawman?
http://www.crazyapplerumors.com/?p=664

A (funny) summary of the wireless hack saga:
http://www.crazyapplerumors.com/?p=665

(strangely no, the part about the lit cigarette in the eye was not made up)

Reply Score: 1

RE: ...
by Kroc on Thu 2nd Nov 2006 08:31 UTC in reply to "..."
Kroc Member since:
2005-11-10

No, but I did see someone jump to a huge conclusion.

Reply Score: 1

RE: ...
by steviant on Fri 3rd Nov 2006 02:47 UTC in reply to "..."
steviant Member since:
2006-01-11

POP!
NooooooooOooooOOoooo!

I was so much more secure before someone discovered an exploitable bug in a driver for some hardware I don't even have!

Now what am I going to do?!!

My mac is going to fill up with viruses and malware faster than I can click "Turn Airport off"!!!

Bring back my invulnerabubble security bubble before I drown in an ocean of crapware!

Damn it, why didn't I buy a Windows machine, at least then I could rely on good old Microsoft to protect me, and not just some "security bubble" that pops as soon as a 5 year old network card driver gets hacked!

Reply Score: 1

v WTF
by 47ronin on Thu 2nd Nov 2006 00:30 UTC
RE: WTF
by Tom K on Thu 2nd Nov 2006 01:11 UTC in reply to "WTF"
Tom K Member since:
2005-07-06

It affects people who bought a Mac between 1999 and 2003, and still use it.

Do you think that everyone threw away their iBooks and Powerbooks the moment Intel notebooks from Apple became available?

Reply Score: 5

RE: WTF
by MollyC on Thu 2nd Nov 2006 03:24 UTC in reply to "WTF"
MollyC Member since:
2006-07-04

My Mac is from 2002 and it came with wireless card, so I guess I would be affected. I won't lose any sleep over it, though.

Reply Score: 2

RE[2]: WTF
by evangs on Thu 2nd Nov 2006 06:56 UTC in reply to "RE: WTF"
evangs Member since:
2005-07-07

The orinoco drivers are for the original Airport 802.11b wireless cards. The later Airport Extreme ones are based on Broadcom's chipset. I know the difference, because I tried getting Linux working on my Macs and the orinoco drivers do not work with any of the Airport Extreme cards, only Airport.

Bottom line is, this exploit doesn't affect you if you're using Airport Extreme.

Reply Score: 1

RE[2]: WTF
by Soulbender on Thu 2nd Nov 2006 03:31 UTC in reply to "WTF"
Soulbender Member since:
2005-08-18

"and that affects current customers how?"

Yea, I'm sure there's absolutely no-one who still uses a computer that's 3 years old....

Reply Score: 5

RE[3]: WTF
by bousozoku on Thu 2nd Nov 2006 19:09 UTC in reply to "RE[2]: WTF"
bousozoku Member since:
2006-01-23

"Yea, I'm sure there's absolutely no-one who still uses a computer that's 3 years old...."

Even 6 year old Macs tend to work just fine and Mac OS X has become more efficient over the years, so yes, plenty of people are still using those computers.

Also, consider that the print and advertising industry does not feel the need to move constantly. You'll still find people submitting files for Quark XPress 4.11, Illustrator 7, and the like. Some print houses haven't upgraded simply because most of their clients are still on Mac OS 9. Of course, they're less likely to use a wireless network, too.

Reply Score: 1

RE: WTF
by Rayz on Thu 2nd Nov 2006 06:14 UTC in reply to "WTF"
Rayz Member since:
2006-06-24

Well it affects me!

I bought my Powerbook in 2002 ... :-(

Reply Score: 3

RE: WTF
by atsureki on Fri 3rd Nov 2006 02:03 UTC in reply to "WTF"
atsureki Member since:
2006-03-12

I believe the point of this oft-downmodded post was to point out that this proves nothing. All of the recent drama about Macs having greater security has been a reaction to the increasing popularity and sales of new machines, thus the whole farce about MacBook wireless exploits. Now that there is a wifi exploit that actually exists, little though it may do, it's still no substantial reason for potential buyers to be afraid, so why should the Anti-Mac Players make a show out of it? To make it look like something it isn't: a problem with current Macs.

Call the parent off topic if you like, but I sincerely doubt it ever intended to imply that no one was using a machine from 2003, just that no one was buying them from their nearest Apple Store, so what's the agenda?

Reply Score: 1

Nothing is ever secure.
by Finchwizard on Thu 2nd Nov 2006 00:47 UTC
Finchwizard
Member since:
2006-02-01

Nothing will ever be 100% secure or bug free, but I do believe that Apple's patch time is relatively quick, which is what counts.

Reply Score: 1

RE: Nothing is ever secure.
by WorknMan on Thu 2nd Nov 2006 02:06 UTC in reply to "Nothing is ever secure."
WorknMan Member since:
2005-11-13

"but I do believe that Apple's patch time is relatively quick, which is what counts."

Nah, what counts is how quickly people apply those patches, or if they apply them at all. It's just like Firefox .. they're usually pretty quick to patch bugs, but most (all?) of their patches come in the form of minor version upgrades. And even I don't apply those patches immediately, even when I am prompted to do so via the auto update. Often times, when I'm in the middle of something, it's just more convenient to hit the 'Remind me later' button and deal with it tomorrow. And then tomorrow, the process starts all over again ;)

Edited 2006-11-02 02:10

Reply Score: 3

RE[2]: Nothing is ever secure.
by Rayz on Thu 2nd Nov 2006 06:16 UTC in reply to "RE: Nothing is ever secure."
Rayz Member since:
2006-06-24

Well the rule is the same for Apple as it is for MS; if they release a patch and you ignore it, then that really isn't their fault.

Reply Score: 3

And?
by sigzero on Thu 2nd Nov 2006 01:48 UTC
sigzero
Member since:
2006-01-03

You will find security flaws in ANY OS and I don't care who makes it. There is no bubble bursting though (as I don't think there IS a bubble). Sorry for you Mac haters.

Reply Score: 3

bousozoku
Member since:
2006-01-23

It's always important to make certain that the machines are secure. If it's true, Apple had better get to solving the problem. If it's already been patched, it seems as though someone wasted his time writing the exploit.

In other news, what's this about the new virus that disables the WinXP SP2 firewall?

Too many people are concerned about causing problems for other people. They should be looking for a legitimate job.

Reply Score: 1

Just to be clear!
by Hakime on Thu 2nd Nov 2006 02:33 UTC
Hakime
Member since:
2005-11-16

Things should be clear about:

- This vulnerability only affects Macs that use Orinoco-based Airport cards, so computers that use Airport Extreme cards are not affected. And that means affected Macs are those sold between 1999 and 2003. So by definition it does not affect Intel Macs, or whatever Mac sold after 2003.

- According to Moore, right now the exploit triggers a kernel panic; he has not succeeded in producing remote code execution so far, but he thinks that it might be possible to achieve that.

- Also it seems that the exploit only works if the Airport card is in active scanning mode. So it may reduce the chance of a successful attack.

Reply Score: 5

PowerMacX
Member since:
2005-11-06

Moore, who is collaborating with Ellch on Wi-Fi flaw research, named the exploit after Daring Fireball, a Mac blogger who doubted the Black Hat findings and issued a public challenge to Ellch and Maynor. "Normally I wouldn't sink to this level but, damn it, it's funny," Moore said of his taunt to Daring Fireball.

From the same article: "Moore said the exploit is not related to the Wi-Fi driver flaws discovered and discussed in Aug. 2006 by researchers David Maynor and Jon "Johnny Cache" Ellch at the Black Hat Briefings.", so in what way does this imply that "Johnny Cache"'s supposed exploit (never released) *did* work?

Reply Score: 1

steviant Member since:
2006-01-11

Wow, after a comment like that you *have* to post your CV and a code-portfolio so that we can evaluate your work.

You sound like a really impressive kernel engineer.

Reply Score: 1

it affects nobody
by Fuji257 on Thu 2nd Nov 2006 04:40 UTC
Fuji257
Member since:
2006-01-24

it's a proof of concept

No one's exploited it. I imagine if a made manhunt was made to find *possible* exploits in four year old windows drivers what would be found.

This just proves what we already know: NOTHING is 100% secure.

Why is it when even a possible exploit is discovered on Mac or Linux or BSD it's front page news but when ACTUAL windows exploits are being used everyday no one cares?

When Apple feels the need to ship OS X with Norton or McAfee comes included with Linux distros, we'll talk again. But until such a day . . . wake me when there is real news.

Reply Score: 1

RE: it affects nobody
by twenex on Thu 2nd Nov 2006 16:43 UTC in reply to "it affects nobody"
twenex Member since:
2006-04-21

"Why is it when even a possible exploit is discovered on Mac or Linux or BSD it's front page news but when ACTUAL windows exploits are being used everyday no one cares?"

Because Windows fanboys like to pretend that 1 or even 10 OS X or Linux security patches every so often is the same as Windows' thousands?

Remember when Microsoft was counting every single vulnerability in the same version of a given program on every distro as a different vulnerability? If we did that with every Windows version (and I'm sure there are vulnerabilities that have existed in Windows since NT 3.1 or even Win3.1 till the present day), you'd probably have to build a supercomputer just to calculate the number of Windows vulnerabilities.

And since that takes a long time, it would more likely run Linux than Windows.

Reply Score: 0

RE[2]: it affects nobody
by BluenoseJake on Thu 2nd Nov 2006 17:22 UTC in reply to "RE: it affects nobody"
BluenoseJake Member since:
2005-08-11

I can see why this was voted down

Reply Score: 0

RE: it affects nobody
by tomcat on Thu 2nd Nov 2006 19:55 UTC in reply to "it affects nobody"
tomcat Member since:
2006-01-06

Whether it currently affects nobody is irrelevant to the issue of the fact that a vulnerability exists. An exploit WILL emerge in the wild. It's just a matter of when.

Reply Score: 1

vanfruniken
Member since:
2006-07-18

So, even if the threat had materialized, it all would come down to how open your WiFi LAN is to possible intruders.

Reply Score: 1

v zzzz
by Pliep on Thu 2nd Nov 2006 09:49 UTC