A trio of security flaws in Apple software that runs wireless-networking hardware could allow Macs to be hijacked over Wi-Fi, Apple said on Thursday.
The company released security updates to repair the problems, which together affect the AirPort wireless driver in Mac OS X 10 Panther version 10.3.9 and Mac OS X Tiger 10.4.7, according to Apple's security alert. Both Intel-based and Power PC-based versions of the Mac operating system are affected, on regular computers as well as on servers, Apple said.
"Attackers on the wireless network may cause arbitrary code execution," Apple said in the alert describing one of the flaws. "Arbitrary code execution" means the intruder can commandeer the system. The other two flaws allow the same type of compromise, but can also cause system crashes or, in one case, privilege escalation, the Mac maker said.
There are no known exploits for the vulnerabilities addressed by the update, Apple said. This means people should not be under immediate threat of attack.
Apple's patches come a month after researchers at SecureWorks demonstrated at the Black Hat security confab how an attacker could gain complete control over a laptop by sending malformed network traffic to a vulnerable computer. They showed a video of a successful attack on an Apple MacBook.
The researchers used a third-party wireless card in the MacBook for their demonstration, but said the AirPort wireless technology built into the laptop was also vulnerable, creating controversy in the Apple community.
In a statement released after Black Hat in August, Apple questioned SecureWorks comments that Macs were insecure. "Despite SecureWorks being quoted saying the Mac is threatened, they have provided no evidence that it is," a company representative said at the time.
But Apple's security patches are not related to the Black Hat presentation, a company representative said on Thursday. Instead, the company itself hunted for bugs in its wireless software and uncovered the vulnerabilities, the representative said.
"In August, SecureWorks approached Apple with a potential flaw that they felt could affect wireless drivers on Macs," the representative said. "They did not supply us with any information to allow us to identify a specific problem, so we initiated an internal audit."
"Today's update preemptively strengthens our drivers against potential vulnerabilities, and while it addresses issues found internally by Apple, we are open to hearing from security researchers on how to improve security on the Mac," the representative added.
A SecureWorks representative did not have an immediate comment.
The three vulnerabilities addressed by Apple all have to do with how the AirPort wireless driver handles "frames". An attacker could exploit the flaw by crafting a malicious frame and making it available on a wireless network used by vulnerable Macs, Apple said.
The first of the flaws, identified by CVE-2006-3507, affects Power Mac, PowerBook, iMac, Mac Pro, Xserve and Power PC-based Mac minis equipped with wireless capabilities. The second issue, identified by CVE-2006-3508, impacts Intel-based Mac mini, MacBook and MacBook Pro computers equipped with wireless. CVE, or Common Vulnerabilities and Exposures, is a list that provides an index of standardised names for vulnerabilities.
The third problem, identified by CVE-2006-3509, is specific to how the AirPort wireless driver interacts with third-party wireless software, according to Apple. It also impacts Intel-based Mac mini, MacBook and MacBook Pro systems equipped with wireless.
Apple did not list the iBook on its list of affected systems, but it also did not mention the iBook as one of the machines not affected by any of the three flaws.
The Mac OS security updates are available via Apple's software update utility in the operating system, and from Apple's download site. Only one update is required, and the utility will present the applicable fix, Apple said.
