Apple coats WiFi security hole
All part of an internal audit, nothing to do with dozens of news articles.
By Kieren McCarthy | Macworld UK | Published: 10:42, 22 September 2006
Apple has patched a serious security hole in its WiFi driver, despite disputing its existence last month.
A security and AirPort update for Mac OS X fixes holes found in the company's wireless drivers by a researcher at SecureWorks. Despite claiming that the researcher was wrong and the drivers were not in any way vulnerable, the patch covers the self-same problem.
The company changed its tune over the hole, complaining that SecureWorks had not given it sufficient information and so it had in fact discovered the problem itself. "They did not supply us with any information to allow us to identify a specific problem, so we initiated an internal audit," an Apple spokesman offered. "Today's update pre-emptively strengthens our drivers against potential vulnerabilities, and while it addresses issues found internally by Apple, we are open to hearing from security researchers on how to improve security on the Mac."
SecureWorks researcher David Maynor and "Johnny Cache" demonstrated the vulnerability - where a hole in Apple's MacBook wireless software driver allows a hacker to take control of the machine - at the Black Hat conference in August. Maynor said at the time that they had demoed the flaw on the Mac because of the "Mac user base aura of smugness on security".
That smugness was nowhere to be seen yesterday as Apple informed the faithful that it personally had discovered the problem that wasn't a problem anyway because no one had exploited it - except for the two people up on stage at the Black Hat conference, that is.
The issue isn't wide-ranging in that it only affects the Power Mac, PowerBook, iMac, Mac Pro, Xserve, and PowerPC-based Mac mini computers equipped with wireless. That leaves Intel-based Mac mini, MacBook, and MacBook Pro computers completely unaffected.