AOH :: ISN-3218.HTM

Attack code out for new Apple Wi-Fi flaw

Attack code out for new Apple Wi-Fi flaw
Attack code out for new Apple Wi-Fi flaw 

By Joris Evers
Staff Writer, CNET
November 1, 2006

Kicking off a "month of kernel bugs," a security researcher has released 
attack code that he claims exploits a new security hole in wireless 
software from Apple Computer.

The vulnerability lies in the Apple AirPort driver, according to details 
on the flaw published by H.D. Moore, the developer of the Metasploit 
security tool. It affects only the AirPort driver provided with wireless 
cards shipped between 1999 and 2003 with PowerBooks and iMacs, the 
posting said.

To launch an attempt, the hacker would have to be on the same wireless 
network as a vulnerable Mac. The attack entails trying to trigger a 
memory corruption flaw by sending a malformed data packet to the 
computer, according to Moore's advisory. But the process isn't easy, and 
Moore hasn't yet been able to gain complete control over a vulnerable 
Mac, he wrote in an e-mail to CNET

"The vulnerability itself only affects older hardware and is going to be 
difficult to turn into a remote code execution exploit, but it's 
definitely possible, just a matter of time and motivation," Moore said. 
"The current proof-of-concept triggers a fatal kernel panic and forces 
the user to power cycle their machine."

Apple is investigating the flaw, Lynn Fox, a spokeswoman for the Mac 
maker, said in a statement sent via e-mail. "This issue affects a small 
percentage of previous generation AirPort-enabled Macs and does not 
affect currently shipping or AirPort Extreme enabled Macs," she said.

The public release of the Mac vulnerability is the kick-off for an 
initiative titled the "Month of Kernel Bugs," launched by a security 
researcher who goes by the initials "LMH." As part of the effort, 
details of a new bug in low-level software will be made public every 
day. It is a follow-up to Moore's July month of browser bugs, and a jab 
at Apple's security and the company's response to earlier discussions of 
Wi-Fi flaws.

"With all the hype and buzz about the now infamous Apple wireless 
device-driver bugs, hopefully this will bring some light--better said, 
proof--about the existence of such flaws in the AirPort device drivers," 
LMH wrote on the Month of the Kernel Bugs blog.

In particular, LMH is referring to the widely publicized and 
often-criticized presentation on Wi-Fi driver flaws at a high-profile 
security conference. At Black Hat in Las Vegas, two security researchers 
showed how an attacker could gain complete control over a MacBook by 
sending malformed network traffic to a vulnerable computer. 

At the time, Apple  criticized the two for not proving their case. It 
came out with patches for Wi-Fi flaws a month later.

The Mac company handled that event poorly, Moore said. "I see this 
exploit as a great way to demonstrate just how easy some of the wireless 
driver vulnerabilities are," he said.

Moore's proof-of-concept exploit has been added to Metasploit Framework 
3.0. This latest version of the security tool, popular with both 
security professionals and miscreants, has the ability to probe for 
vulnerabilities in wireless software.

"This allows Metasploit module developers to target all sorts of 802.11 
wireless vulnerabilities," Moore said. "We plan on ramping up our 802.11 
support over the coming months."

Copyright 1995-2006 CNET Networks, Inc. All rights reserved.

Visit the InfoSec News store! 

Site design & layout copyright © 1986-2014 CodeGods