New Airport Driver Exploit Released For Some Older Macs

MacRumors · Nov 2, 2006, 08:59 AM

http://www.macrumors.com/images/macrumorsthreadlogo.gif

Just as the Black Hat wireless card exploit was beginning to die down, an exploit in Apple's built-in Airport drivers for some older Macs has been released.

According to the site hosting the proof-of-concept, the driver supplied with Orinoco-based Airport cards (1999-2003 PowerBooks, iMacs) is vulnerable to a remote memory corruption flaw, which could lead to arbitrary code execution if the target is in Active Scanning Mode (i.e. is searching for a base station). The exploit was claimed to have been run on a system running 10.4.8 with all existing patches applied.

It did not appear as though the hackers announcing the exploit and hosting the proof-of-concept code had contacted Apple about the vulnerability prior to the announcement. Nowhere on the site do the hackers claim they had contacted Apple, but rather they reveal the following about their intentions:

Quote:

With all the hype and buzz about the now infamous Apple wireless device driver bugs (brought to attention at Black Hat, by Johnny Cache and David Maynor, covered up and FUD'ed by others), hopefully this will bring some light (better said, proof) about the existence of such flaws in the Airport device drivers.

longofest · Nov 2, 2006, 09:01 AM

Good news for me... I have an 867 Mhz Ti Powerbook.

I've been wanting to ditch the built-in Airport card anyways... It's flakey

prady16 · Nov 2, 2006, 09:06 AM

This is an ode to Apple's growing popularity!

longofest · Nov 2, 2006, 09:08 AM

Quote:

Originally Posted by prady16

This is an ode to Apple's growing popularity!

Either that or an ode to the way they handled the Black Hat situation.

Or both...

raggedjimmi · Nov 2, 2006, 09:09 AM

Eep, I still use my PowerBook too.

BWhaler · Nov 2, 2006, 09:09 AM

So Apple releases a patch and our platform gets even more secure. Awesome.

Other than that, it is bullcrap that they didn't notify Apple beforehand and give the company the opportunity to patch it.

But clearly this is just some losers who want attention or make some politicial statement that "The Mac platform is not perfect." (Note to losers: Only the MSoft shills in the media think the Mac community believes our platform is invincible. In reality, we know every OS and every app has flaws. We just believe this Windows is a joke and Microsoft is a low quality company with shoddy products. Not that Apple is flawless.)

So this will make the rounds in the news for a week. The Apple brand will take a minor hit.

And Windows will still suck. Vista will still be a pathetic upgrade. OS X is still more secure. And Leopard will still rock.

Nothing really has changed...

idea_hamster · Nov 2, 2006, 09:12 AM

So while we wait for some kind of response/update/new driver from Apple, is there some kind of measure that we can take to reduce the amount of time we spend in "Active Scanning Mode"?

I imagine that we can use wired connections when possible, but I know that available networks pop in and out of my Airport menu bar list. That makes me think that my PB is always (or at least often) looking for new base stations -- is this right?

Is there some way that we can make Airport wait to scan until we ask it to do so?

Surreal · Nov 2, 2006, 09:18 AM

Quote:

Originally Posted by idea_hamster

Is there some way that we can make Airport wait to scan until we ask it to do so?

turn airport off.

Bear · Nov 2, 2006, 09:24 AM

Quote:

Originally Posted by Macrumors

Orinoco-based Airport cards (1999-2003 PowerBooks, iMacs)

This is Airport and NOT Airport Extreme.

Anybody with an Airport Extreme (or later) will not be vulnerable to this exploit.

However, this is all macs that have the original Airport not just PowerBooks and iMacs. It's also eMacs, iBooks and Power Macs.

Lixivial · Nov 2, 2006, 09:29 AM

And according to the ever-elated George Ou, they named it after John Gruber's Daring Fireball website. Ou linked to the file from his website and the filename was DaringPhucball.

George Ou is just... I don't think there are even words. His sort of "journalism" is representative of ZDNet as a whole -- just prior to his elation over the Apple exploit (a supposed security guy elated over a security flaw, go figure) he attacked ComputerWorld for their advice/explanation of a Windows flaw.

I mention Ou because he was part of the defense of Maynor and Ellch back in the original hack, which is linked in the original post.

Swarmlord · Nov 2, 2006, 09:32 AM

Quote:

Originally Posted by BWhaler

So Apple releases a patch and our platform gets even more secure. Awesome.

Other than that, it is bullcrap that they didn't notify Apple beforehand and give the company the opportunity to patch it.

But clearly this is just some losers who want attention or make some politicial statement that "The Mac platform is not perfect." (Note to losers: Only the MSoft shills in the media think the Mac community believes our platform is invincible. In reality, we know every OS and every app has flaws. We just believe this Windows is a joke and Microsoft is a low quality company with shoddy products. Not that Apple is flawless.)

So this will make the rounds in the news for a week. The Apple brand will take a minor hit.

And Windows will still suck. Vista will still be a pathetic upgrade. OS X is still more secure. And Leopard will still rock.

Nothing really has changed...

Exactly. It is so lame when people that find holes, flaws and bugs go to the press or internet before contacting the manufacturer to notify them and give them a chance to patch it BEFORE hackers can exploit it.

frozencarbonite · Nov 2, 2006, 09:33 AM

Quote:

Originally Posted by Bear

This is Airport and NOT Airport Extreme.

Anybody with an Airport Extreme (or later) will not be vulnerable to this exploit.

However, this is all macs that have the original Airport not just PowerBooks and iMacs. It's also eMacs, iBooks and Power Macs.

That's really good to know. I have a Powerbook that I bought back in the summer of 2004 and I don't have any plans on buying a new one soon. Well it's actually because I can't afford a new one right now.

I wonder how you can tell when your Powerbook was made? Is there a way to tell?

kozmic stu · Nov 2, 2006, 09:42 AM

Quote:

Originally Posted by frozencarbonite

I wonder how you can tell when your Powerbook was made? Is there a way to tell?

To find out if your computer is vulnerable to this attack, go to System Profiler (Applications:Utilities:System Profiler; or Apple Menu>About This Mac>More Info...) In the menu on the left hand side, you should see 'AirPort Card' (inside 'Network'). Click this, and if the 'Wireless Card Type' says 'AirPort Extreme', then there's no problem

Hope this helps...

Stu

0010101 · Nov 2, 2006, 10:05 AM

Further proof that one of the things that has kept the Mac platform relatively exploit and virus free isn't that such things were impossible.. but because nobody cared enough to try and poke holes in it.

The more Mac people laugh in the face of Windows folks and snobbishly exclaim how secure and exploit free their OS is.. the more people will try to prove them wrong.

Let's face it.. it's like walking into a biker bar and announcing that you're the biggest, baddest mofo in the joint.

Won't be long before somebody puts your theory to the test.

I agree it's lame that a group found a hole, then published that finding before notifying Apple about it so they could patch it.. but not nearly as lame as Apple not catching that hole before they released the OS.

But i'll say this.. in the world of exploits and 'flaws', this one isn't much of a threat.. unless you're using a 3+ year old Airport Card, and your computer spends most of its time searching for a base station.

After struggling with the flaws, bugs, hacks, viruses, spyware, malware, and browser exploits on the Windows platform for the last several years, I can honestly say that this recent announcement dosen't bother me a bit.

But then again, I don't use an Airport card, either.

kalisphoenix · Nov 2, 2006, 10:21 AM

This just goes to support the conventional wisdom that Macs have longer usable lifespans than most computers. Not many other people give a damn that a vulnerability was found in an old Wireless-B card :-P

"Vulnerability found in CP/M. Film at 11."

OhEsTen · Nov 2, 2006, 11:17 AM

Quote:

Originally Posted by 0010101

The more Mac people laugh in the face of Windows folks and snobbishly exclaim how secure and exploit free their OS is.. the more people will try to prove them wrong.

Who's being snobbish?

Everytime there is a new article on "New Mac Virus Released" the same tune is played over and over.... "You Mac fanboys are getting what's coming to you because of the snobby bastards you are..."

Mac OS X is more secure than windows is.

No one has ever said (or would ever say for that matter) that they are unhackable because thats just not true. But, that still doesn't change the fact that windows has a LOT more security holes than OS X.

OS X will stay the more secure (of the 2 OSes) until they get more viruses than windows.

nagromme · 11:54 AM

This exploit COULD be real, and if so, I thank them for uncovering it, on behalf of 4+ year-old AirPort users. They have done a great service, even though they intentionally did so in a way (not letting Apple know) that could help hackers rather than users. That's immature, but in the end the result is that an exploit (if real) can now be prevented.

However, they lose a lot of credibility when they re-state the original claim about AirPort hacks, and refer to FUD and cover-ups when that claim was debunked. They know as well as anyone that the "60 second" AirPort hack was not for real, and to state falsely that it WAS real leaves me skeptical about their other claims. But others can easily determine that one way or another now.

In any case, they, like some posters here, are clearly acting out of emotion against Macs. I would remind people that having positive emotions FOR a tool that helps you is quite rational, more so than having negative emotions about a tool nobody forces you to use. Liking Macs makes sense. Not liking macs makes sense. Liking Windows makes sense too, if it's a tool that serves you well. Hating Windows makes sense--IF you are forced to use it, as many people are. Hating Macs, and the childish emotions people are venting against people who like Macs, is just not rational in the same way. (Unless, of course, the people getting emotional against Mac users have been forced to use Macs at work, the way people are forced to use Windows. Unlikely, but if so, I can appreciate their frustration, even though they need not take it out on Mac users.)

People who insult Windows users JUST because they like Windows--and people who insult Mac users JUST because they like Macs--are barking up the wrong tree. Put down the product (Windows or OS X) for its flaws. Don't put down the people who find the tools useful and even fun--they don't hurt you.

And if you don't think a "tool" CAN be fun... you may wish to try other tools

EDIT: as BWhaler said, I've never seen a single Mac users claim that Mac security is perfect, only that it's much better than Windows. Undeniably still true, and undeniably by design. (And yes "obscurity" helps too, obviously--just don't make the mistake of thinking it's the only thing that helps Macs.) The people claiming Mac users "think Macs are perfect" (we don't) and get angry about how much easier Mac users have it (and still will, even when we have our first successful real-world virus someday) are understandably upset: they face frustrations with Windows that we just don't have to deal with, and never will on the same scale as Windows. But we will and DO have to deal with security issues from time to time. "Much better" is not "perfect!"

Snowy_River · Nov 2, 2006, 11:55 AM

Quote:

Originally Posted by 0010101

...
I agree it's lame that a group found a hole, then published that finding before notifying Apple about it so they could patch it.. but not nearly as lame as Apple not catching that hole before they released the OS.
...

Lame of Apple? Do you have any idea how difficult it is to find ALL flaws, bugs, holes, etc. in something as complex as a modern OS? You're saying that the most lame aspect of this is that Apple didn't ship a completely bullet proof, flawless OS.

It seems to me that your expectations are the ones that are artificial, not those who are saying that the Mac OS is the most secure major OS on the market.

robertnq · Nov 2, 2006, 12:29 PM

We all due respect to the BLack Hat community....they found the problems with iMac's and PowerBook's from 2003??? I think thats better, than finding problems with a PC...it probably only takes them 3 mintues to find those....hmmmm.....interesting...dont you think?

savar · Nov 2, 2006, 12:40 PM

Quote:

Originally Posted by 0010101

Further proof that one of the things that has kept the Mac platform relatively exploit and virus free isn't that such things were impossible.. but because nobody cared enough to try and poke holes in it.

Well you're right, *if and only if* this exploit is true. I have yet to see anybody confirm that this actually works.

FoxyKaye · Nov 2, 2006, 12:43 PM

Quote:

Originally Posted by kalisphoenix

"Vulnerability found in CP/M. Film at 11."

OK - that was funny. It made me think of our neighbor's old Osborne "portable" computer (that weighed almost 45 pounds).

I wonder though - are there many hackers actually equipped to exploit this vulnerability, and of those who are, how many feel the need to single out Macs when there's a myriad of Windows based systems with much easier hacked access out there (because we all know that not everyone updates Windows on the daily basis that it needs to keep up with the vulnerabilities)? I'd be very surprised if more than a handful of Mac users are actually attacked using this method.

twoodcc · Nov 2, 2006, 01:12 PM

well this doesn't really affect me right now, but i'm glad that these drivers were released for other people

bousozoku · Nov 2, 2006, 01:23 PM

Quote:

Originally Posted by kalisphoenix

This just goes to support the conventional wisdom that Macs have longer usable lifespans than most computers. Not many other people give a damn that a vulnerability was found in an old Wireless-B card :-P

"Vulnerability found in CP/M. Film at 11."

Don't say that. I still use my Kaypro 1.

Over at OSNews, people were like "why should this be a problem? who would be using old computers like those?" but many of us still use G3 and G4 Macs regularly. I suppose the fix to the device driver won't be available for Jaguar or Panther, though, and should be.

TaoMacGuy · Nov 2, 2006, 01:31 PM

1. This exploit has yet to be confirmed by another party.

2. This exploit has yet to be demonstrated to have occurred in the wild.

3. As others have noted, Mac OS X, is *by design,* more secure than Windows. This is not debatable. It is a fact.

4. Exploits *will* be found. Remember, any code which is bug free is, by definition, obsolete.

Me? I'm happy as a clam using my 5 Macs. I only run Windows now as virtual machines using Parallels.

Moving on.

SC68Cal · Nov 2, 2006, 01:43 PM

New exploits released for Windows ME.

More at 11

Nov 2, 2006, 09:09 AM	#5
raggedjimmi macrumors 604 Join Date: Jan 2005	Eep, I still use my PowerBook too. __________________ www.bossbaddie.com

Nov 2, 2006, 09:09 AM	#6
BWhaler macrumors 68000 Join Date: Jan 2003	So Apple releases a patch and our platform gets even more secure. Awesome. Other than that, it is bullcrap that they didn't notify Apple beforehand and give the company the opportunity to patch it. But clearly this is just some losers who want attention or make some politicial statement that "The Mac platform is not perfect." (Note to losers: Only the MSoft shills in the media think the Mac community believes our platform is invincible. In reality, we know every OS and every app has flaws. We just believe this Windows is a joke and Microsoft is a low quality company with shoddy products. Not that Apple is flawless.) So this will make the rounds in the news for a week. The Apple brand will take a minor hit. And Windows will still suck. Vista will still be a pathetic upgrade. OS X is still more secure. And Leopard will still rock. Nothing really has changed... __________________ "Faster, faster, until the thrill of speed overcomes the fear of death." -- Hunter Thompson

Nov 2, 2006, 09:12 AM	#7
idea_hamster macrumors 6502a Join Date: Jul 2003 Location: NYC, Area 1	Oz. of Prevention? So while we wait for some kind of response/update/new driver from Apple, is there some kind of measure that we can take to reduce the amount of time we spend in "Active Scanning Mode"? I imagine that we can use wired connections when possible, but I know that available networks pop in and out of my Airport menu bar list. That makes me think that my PB is always (or at least often) looking for new base stations -- is this right? Is there some way that we can make Airport wait to scan until we ask it to do so? __________________ The whole problem with the world is that fools and fanatics are always so certain of themselves, but wiser people so full of doubts. -- B. Russell

Nov 2, 2006, 09:29 AM	#10
Lixivial macrumors 6502a Join Date: Jan 2005 Location: Between cats, dogs and wanderlust.	As a bit of an aside And according to the ever-elated George Ou, they named it after John Gruber's Daring Fireball website. Ou linked to the file from his website and the filename was DaringPhucball. George Ou is just... I don't think there are even words. His sort of "journalism" is representative of ZDNet as a whole -- just prior to his elation over the Apple exploit (a supposed security guy elated over a security flaw, go figure) he attacked ComputerWorld for their advice/explanation of a Windows flaw. I mention Ou because he was part of the defense of Maynor and Ellch back in the original hack, which is linked in the original post.

Nov 2, 2006, 11:39 AM	#17
nagromme macrumors 601 Join Date: May 2002 Location: Blinking blue dot	This exploit COULD be real, and if so, I thank them for uncovering it, on behalf of 4+ year-old AirPort users. They have done a great service, even though they intentionally did so in a way (not letting Apple know) that could help hackers rather than users. That's immature, but in the end the result is that an exploit (if real) can now be prevented. However, they lose a lot of credibility when they re-state the original claim about AirPort hacks, and refer to FUD and cover-ups when that claim was debunked. They know as well as anyone that the "60 second" AirPort hack was not for real, and to state falsely that it WAS real leaves me skeptical about their other claims. But others can easily determine that one way or another now. In any case, they, like some posters here, are clearly acting out of emotion against Macs. I would remind people that having positive emotions FOR a tool that helps you is quite rational, more so than having negative emotions about a tool nobody forces you to use. Liking Macs makes sense. Not liking macs makes sense. Liking Windows makes sense too, if it's a tool that serves you well. Hating Windows makes sense--IF you are forced to use it, as many people are. Hating Macs, and the childish emotions people are venting against people who like Macs, is just not rational in the same way. (Unless, of course, the people getting emotional against Mac users have been forced to use Macs at work, the way people are forced to use Windows. Unlikely, but if so, I can appreciate their frustration, even though they need not take it out on Mac users.) People who insult Windows users JUST because they like Windows--and people who insult Mac users JUST because they like Macs--are barking up the wrong tree. Put down the product (Windows or OS X) for its flaws. Don't put down the people who find the tools useful and even fun--they don't hurt you. And if you don't think a "tool" CAN be fun... you may wish to try other tools EDIT: as BWhaler said, I've never seen a single Mac users claim that Mac security is perfect, only that it's much better than Windows. Undeniably still true, and undeniably by design. (And yes "obscurity" helps too, obviously--just don't make the mistake of thinking it's the only thing that helps Macs.) The people claiming Mac users "think Macs are perfect" (we don't) and get angry about how much easier Mac users have it (and still will, even when we have our first successful real-world virus someday) are understandably upset: they face frustrations with Windows that we just don't have to deal with, and never will on the same scale as Windows. But we will and DO have to deal with security issues from time to time. "Much better" is not "perfect!" __________________ nagromme Would you like a treatment? Last edited by nagromme : Nov 2, 2006 at 11:54 AM.

Nov 2, 2006, 09:01 AM	#2
longofest Demi-God (Editor) Join Date: Jul 2003 Location: Falls Church, VA	Good news for me... I have an 867 Mhz Ti Powerbook. I've been wanting to ditch the built-in Airport card anyways... It's flakey

Nov 2, 2006, 09:06 AM	#3
prady16 macrumors 6502 Join Date: Aug 2006 Location: Right There --->	This is an ode to Apple's growing popularity!

Nov 2, 2006, 10:05 AM	#14
0010101 macrumors regular Join Date: Sep 2006	Further proof that one of the things that has kept the Mac platform relatively exploit and virus free isn't that such things were impossible.. but because nobody cared enough to try and poke holes in it. The more Mac people laugh in the face of Windows folks and snobbishly exclaim how secure and exploit free their OS is.. the more people will try to prove them wrong. Let's face it.. it's like walking into a biker bar and announcing that you're the biggest, baddest mofo in the joint. Won't be long before somebody puts your theory to the test. I agree it's lame that a group found a hole, then published that finding before notifying Apple about it so they could patch it.. but not nearly as lame as Apple not catching that hole before they released the OS. But i'll say this.. in the world of exploits and 'flaws', this one isn't much of a threat.. unless you're using a 3+ year old Airport Card, and your computer spends most of its time searching for a base station. After struggling with the flaws, bugs, hacks, viruses, spyware, malware, and browser exploits on the Windows platform for the last several years, I can honestly say that this recent announcement dosen't bother me a bit. But then again, I don't use an Airport card, either.

Nov 2, 2006, 10:21 AM	#15
kalisphoenix Banned Join Date: Jul 2005	This just goes to support the conventional wisdom that Macs have longer usable lifespans than most computers. Not many other people give a damn that a vulnerability was found in an old Wireless-B card :-P "Vulnerability found in CP/M. Film at 11."

Nov 2, 2006, 12:29 PM	#19
robertnq macrumors newbie Join Date: Oct 2006 Location: San Francisco	it took them almost four years to find it... We all due respect to the BLack Hat community....they found the problems with iMac's and PowerBook's from 2003??? I think thats better, than finding problems with a PC...it probably only takes them 3 mintues to find those....hmmmm.....interesting...dont you think?

Nov 2, 2006, 01:12 PM	#22
twoodcc macrumors 603 Join Date: Feb 2005 Location: Right side of wrong	well this doesn't really affect me right now, but i'm glad that these drivers were released for other people __________________ tville pump Smarter than the average bear

Nov 2, 2006, 01:31 PM	#24
TaoMacGuy macrumors newbie Join Date: Nov 2006 Location: Santa Rosa, CA	Airport "Exploit" 1. This exploit has yet to be confirmed by another party. 2. This exploit has yet to be demonstrated to have occurred in the wild. 3. As others have noted, Mac OS X, is by design, more secure than Windows. This is not debatable. It is a fact. 4. Exploits will be found. Remember, any code which is bug free is, by definition, obsolete. Me? I'm happy as a clam using my 5 Macs. I only run Windows now as virtual machines using Parallels. Moving on.

Nov 2, 2006, 01:43 PM	#25
SC68Cal macrumors 68000 Join Date: Feb 2006	New exploits released for Windows ME. More at 11

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode