New Airport Driver Exploit Released For Some Older Macs

[MacRumors]

Just as the Black Hat wireless card exploit was beginning to die down, an exploit in Apple's built-in Airport drivers for some older Macs has been released.

According to the site hosting the proof-of-concept, the driver supplied with Orinoco-based Airport cards (1999-2003 PowerBooks, iMacs) is vulnerable to a remote memory corruption flaw, which could lead to arbitrary code execution if the target is in Active Scanning Mode (i.e. is searching for a base station). The exploit was claimed to have been run on a system running 10.4.8 with all existing patches applied.

It did not appear as though the hackers announcing the exploit and hosting the proof-of-concept code had contacted Apple about the vulnerability prior to the announcement. Nowhere on the site do the hackers claim they had contacted Apple, but rather they reveal the following about their intentions:

With all the hype and buzz about the now infamous Apple wireless device driver bugs (brought to attention at Black Hat, by Johnny Cache and David Maynor, covered up and FUD'ed by others), hopefully this will bring some light (better said, proof) about the existence of such flaws in the Airport device drivers.

 

[longofest]

Good news for me... I have an 867 Mhz Ti Powerbook.

I've been wanting to ditch the built-in Airport card anyways... It's flakey

 

[prady16]

This is an ode to Apple's growing popularity!

 

[longofest]

This is an ode to Apple's growing popularity!

Either that or an ode to the way they handled the Black Hat situation.

Or both...

 

[0098386]

Eep, I still use my PowerBook too.

 

[BWhaler]

So Apple releases a patch and our platform gets even more secure. Awesome.

Other than that, it is bullcrap that they didn't notify Apple beforehand and give the company the opportunity to patch it.

But clearly this is just some losers who want attention or make some politicial statement that "The Mac platform is not perfect." (Note to losers: Only the MSoft shills in the media think the Mac community believes our platform is invincible. In reality, we know every OS and every app has flaws. We just believe this Windows is a joke and Microsoft is a low quality company with shoddy products. Not that Apple is flawless.)

So this will make the rounds in the news for a week. The Apple brand will take a minor hit.

And Windows will still suck. Vista will still be a pathetic upgrade. OS X is still more secure. And Leopard will still rock.

Nothing really has changed...

 

[idea_hamster]

Oz. of Prevention?

So while we wait for some kind of response/update/new driver from Apple, is there some kind of measure that we can take to reduce the amount of time we spend in "Active Scanning Mode"?

I imagine that we can use wired connections when possible, but I know that available networks pop in and out of my Airport menu bar list. That makes me think that my PB is always (or at least often) looking for new base stations -- is this right?

Is there some way that we can make Airport wait to scan until we ask it to do so?

 

[Surreal]

Is there some way that we can make Airport wait to scan until we ask it to do so?

turn airport off.

 

[Bear]

Orinoco is Airport (and NOT Airport Extreme)

Orinoco-based Airport cards (1999-2003 PowerBooks, iMacs)

This is Airport and NOT Airport Extreme.

Anybody with an Airport Extreme (or later) will not be vulnerable to this exploit.

However, this is all macs that have the original Airport not just PowerBooks and iMacs. It's also eMacs, iBooks and Power Macs.

 

[Lixivial]

As a bit of an aside

And according to the ever-elated George Ou, they named it after John Gruber's Daring Fireball website. Ou linked to the file from his website and the filename was DaringPhucball.

George Ou is just... I don't think there are even words. His sort of "journalism" is representative of ZDNet as a whole -- just prior to his elation over the Apple exploit (a supposed security guy elated over a security flaw, go figure) he attacked ComputerWorld for their advice/explanation of a Windows flaw.

I mention Ou because he was part of the defense of Maynor and Ellch back in the original hack, which is linked in the original post.

 

[Swarmlord]

So Apple releases a patch and our platform gets even more secure. Awesome.

Other than that, it is bullcrap that they didn't notify Apple beforehand and give the company the opportunity to patch it.

But clearly this is just some losers who want attention or make some politicial statement that "The Mac platform is not perfect." (Note to losers: Only the MSoft shills in the media think the Mac community believes our platform is invincible. In reality, we know every OS and every app has flaws. We just believe this Windows is a joke and Microsoft is a low quality company with shoddy products. Not that Apple is flawless.)

So this will make the rounds in the news for a week. The Apple brand will take a minor hit.

And Windows will still suck. Vista will still be a pathetic upgrade. OS X is still more secure. And Leopard will still rock.

Nothing really has changed...

Exactly. It is so lame when people that find holes, flaws and bugs go to the press or internet before contacting the manufacturer to notify them and give them a chance to patch it BEFORE hackers can exploit it.

 

[frozencarbonite]

This is Airport and NOT Airport Extreme.

Anybody with an Airport Extreme (or later) will not be vulnerable to this exploit.

However, this is all macs that have the original Airport not just PowerBooks and iMacs. It's also eMacs, iBooks and Power Macs.

That's really good to know. I have a Powerbook that I bought back in the summer of 2004 and I don't have any plans on buying a new one soon. Well it's actually because I can't afford a new one right now.

I wonder how you can tell when your Powerbook was made? Is there a way to tell?

 

[kozmic stu]

I wonder how you can tell when your Powerbook was made? Is there a way to tell?

To find out if your computer is vulnerable to this attack, go to System Profiler (Applications:Utilities:System Profiler; or Apple Menu>About This Mac>More Info...) In the menu on the left hand side, you should see 'AirPort Card' (inside 'Network'). Click this, and if the 'Wireless Card Type' says 'AirPort Extreme', then there's no problem

Hope this helps...

Stu

 

[0010101]

Further proof that one of the things that has kept the Mac platform relatively exploit and virus free isn't that such things were impossible.. but because nobody cared enough to try and poke holes in it.

The more Mac people laugh in the face of Windows folks and snobbishly exclaim how secure and exploit free their OS is.. the more people will try to prove them wrong.

Let's face it.. it's like walking into a biker bar and announcing that you're the biggest, baddest mofo in the joint.

Won't be long before somebody puts your theory to the test.

I agree it's lame that a group found a hole, then published that finding before notifying Apple about it so they could patch it.. but not nearly as lame as Apple not catching that hole before they released the OS.

But i'll say this.. in the world of exploits and 'flaws', this one isn't much of a threat.. unless you're using a 3+ year old Airport Card, and your computer spends most of its time searching for a base station.

After struggling with the flaws, bugs, hacks, viruses, spyware, malware, and browser exploits on the Windows platform for the last several years, I can honestly say that this recent announcement dosen't bother me a bit.

But then again, I don't use an Airport card, either.

 

[kalisphoenix]

This just goes to support the conventional wisdom that Macs have longer usable lifespans than most computers. Not many other people give a damn that a vulnerability was found in an old Wireless-B card

"Vulnerability found in CP/M. Film at 11."

 

[OhEsTen]

The more Mac people laugh in the face of Windows folks and snobbishly exclaim how secure and exploit free their OS is.. the more people will try to prove them wrong.

Who's being snobbish?

Everytime there is a new article on "New Mac Virus Released" the same tune is played over and over.... "You Mac fanboys are getting what's coming to you because of the snobby bastards you are..."

Mac OS X is more secure than windows is.

No one has ever said (or would ever say for that matter) that they are unhackable because thats just not true. But, that still doesn't change the fact that windows has a LOT more security holes than OS X.

OS X will stay the more secure (of the 2 OSes) until they get more viruses than windows.

 

[nagromme]

This exploit COULD be real, and if so, I thank them for uncovering it, on behalf of 4+ year-old AirPort users. They have done a great service, even though they intentionally did so in a way (not letting Apple know) that could help hackers rather than users. That's immature, but in the end the result is that an exploit (if real) can now be prevented.

However, they lose a lot of credibility when they re-state the original claim about AirPort hacks, and refer to FUD and cover-ups when that claim was debunked. They know as well as anyone that the "60 second" AirPort hack was not for real, and to state falsely that it WAS real leaves me skeptical about their other claims. But others can easily determine that one way or another now.

In any case, they, like some posters here, are clearly acting out of emotion against Macs. I would remind people that having positive emotions FOR a tool that helps you is quite rational, more so than having negative emotions about a tool nobody forces you to use. Liking Macs makes sense. Not liking macs makes sense. Liking Windows makes sense too, if it's a tool that serves you well. Hating Windows makes sense--IF you are forced to use it, as many people are. Hating Macs, and the childish emotions people are venting against people who like Macs, is just not rational in the same way. (Unless, of course, the people getting emotional against Mac users have been forced to use Macs at work, the way people are forced to use Windows. Unlikely, but if so, I can appreciate their frustration, even though they need not take it out on Mac users.)

People who insult Windows users JUST because they like Windows--and people who insult Mac users JUST because they like Macs--are barking up the wrong tree. Put down the product (Windows or OS X) for its flaws. Don't put down the people who find the tools useful and even fun--they don't hurt you.

And if you don't think a "tool" CAN be fun... you may wish to try other tools

EDIT: as BWhaler said, I've never seen a single Mac users claim that Mac security is perfect, only that it's much better than Windows. Undeniably still true, and undeniably by design. (And yes "obscurity" helps too, obviously--just don't make the mistake of thinking it's the only thing that helps Macs.) The people claiming Mac users "think Macs are perfect" (we don't) and get angry about how much easier Mac users have it (and still will, even when we have our first successful real-world virus someday) are understandably upset: they face frustrations with Windows that we just don't have to deal with, and never will on the same scale as Windows. But we will and DO have to deal with security issues from time to time. "Much better" is not "perfect!"

 

[Snowy_River]

...
I agree it's lame that a group found a hole, then published that finding before notifying Apple about it so they could patch it.. but not nearly as lame as Apple not catching that hole before they released the OS.
...

Lame of Apple? Do you have any idea how difficult it is to find ALL flaws, bugs, holes, etc. in something as complex as a modern OS? You're saying that the most lame aspect of this is that Apple didn't ship a completely bullet proof, flawless OS.

It seems to me that your expectations are the ones that are artificial, not those who are saying that the Mac OS is the most secure major OS on the market.

 

[robertnq]

it took them almost four years to find it...

We all due respect to the BLack Hat community....they found the problems with iMac's and PowerBook's from 2003??? I think thats better, than finding problems with a PC...it probably only takes them 3 mintues to find those....hmmmm.....interesting...dont you think?

 

[savar]

Further proof that one of the things that has kept the Mac platform relatively exploit and virus free isn't that such things were impossible.. but because nobody cared enough to try and poke holes in it.

Well you're right, *if and only if* this exploit is true. I have yet to see anybody confirm that this actually works.

 

[FoxyKaye]

"Vulnerability found in CP/M. Film at 11."

OK - that was funny. It made me think of our neighbor's old Osborne "portable" computer (that weighed almost 45 pounds).

I wonder though - are there many hackers actually equipped to exploit this vulnerability, and of those who are, how many feel the need to single out Macs when there's a myriad of Windows based systems with much easier hacked access out there (because we all know that not everyone updates Windows on the daily basis that it needs to keep up with the vulnerabilities)? I'd be very surprised if more than a handful of Mac users are actually attacked using this method.

 

[twoodcc]

well this doesn't really affect me right now, but i'm glad that these drivers were released for other people

 

[bousozoku]

This just goes to support the conventional wisdom that Macs have longer usable lifespans than most computers. Not many other people give a damn that a vulnerability was found in an old Wireless-B card

"Vulnerability found in CP/M. Film at 11."

Don't say that. I still use my Kaypro 1.

Over at OSNews, people were like "why should this be a problem? who would be using old computers like those?" but many of us still use G3 and G4 Macs regularly. I suppose the fix to the device driver won't be available for Jaguar or Panther, though, and should be.

 

[TaoMacGuy]

Airport "Exploit"

1. This exploit has yet to be confirmed by another party.

2. This exploit has yet to be demonstrated to have occurred in the wild.

3. As others have noted, Mac OS X, is *by design,* more secure than Windows. This is not debatable. It is a fact.

4. Exploits *will* be found. Remember, any code which is bug free is, by definition, obsolete.

Me? I'm happy as a clam using my 5 Macs. I only run Windows now as virtual machines using Parallels.

Moving on.

 

[SC68Cal]

New exploits released for Windows ME.

More at 11