Security Strategy

Wi-fi hijack risk for Macs

Patchy Apple...

Tags: flaws, wi-fi hijack, flaw, patch

By Joris Evers

Published: 22 September 2006 08:55 BST

A trio of security flaws in Apple software that runs wireless-networking hardware could allow Macs to be hijacked over wi-fi, Apple said on Thursday.

The Mac maker released security updates to repair the problems, which together affect the AirPort wireless driver in Mac OS X Panther version 10.3.9 and Mac OS X Tiger version 10.4.7, according to Apple's security alert. Both Intel-based and PowerPC-based versions of the Mac operating system are affected, on regular computers as well as on servers, it said.

Apple said in the alert describing one of the flaws: "Attackers on the wireless network may cause arbitrary code execution." "Arbitrary code execution" means the intruder can commandeer the system. The other two flaws allow the same type of compromise but can also cause system crashes or, in one case, privilege escalation, it added.

There are no known exploits for the vulnerabilities addressed by the update, Apple said. This means Mac users should not be under immediate threat of attack.

Apple's security patches come a month after security researchers at SecureWorks demonstrated at the Black Hat security confab how an attacker could gain complete control over a laptop by sending malformed network traffic to a vulnerable computer. They showed a video of a successful attack on an Apple MacBook.

The researchers used a third-party wireless card in the MacBook for their demonstration but said the AirPort wireless technology built into the laptop was also vulnerable, creating controversy in the Apple community.

In a statement released after Black Hat in August, Apple critiqued SecureWorks for saying Macs were insecure. A company representative said at the time: "Despite SecureWorks being quoted saying the Mac is threatened, they have provided no evidence that it is."

But Apple's security patches are not related to the Black Hat presentation, a company representative said on Thursday. Instead, the company itself hunted for bugs in its wireless software and uncovered the vulnerabilities, according to the representative.

The representative said: "In August, SecureWorks approached Apple with a potential flaw that they felt could affect wireless drivers on Macs. They did not supply us with any information to allow us to identify a specific problem, so we initiated an internal audit.

"Today's update pre-emptively strengthens our drivers against potential vulnerabilities, and while it addresses issues found internally by Apple, we are open to hearing from security researchers on how to improve security on the Mac."

A SecureWorks representative did not have an immediate comment.

The three vulnerabilities addressed by Apple all have to do with how the AirPort wireless driver handles "frames". An attacker could exploit the flaws by crafting a malicious frame and making it available on a wireless network used by vulnerable Macs, Apple said.

The first of the flaws, identified by CVE-2006-3507, affects Power Mac, PowerBook, iMac, Mac Pro, Xserve and PowerPC-based Mac Minis equipped with wireless capabilities. The second issue, identified by CVE-2006-3508, impacts Intel-based Mac Mini, MacBook and MacBook Pro computers equipped with wireless. CVE, or common vulnerabilities and exposures, is a list that provides an index of standardised names for vulnerabilities.

The third problem, identified by CVE-2006-3509, is specific to how the AirPort wireless driver interacts with third-party wireless software, according to Apple. It also impacts Intel-based Mac Mini, MacBook and MacBook Pro systems equipped with wireless.

Apple did not include the iBook in its list of affected systems, but it also did not name the iBook among the machines unaffected by the three flaws.

The Mac OS security updates are available via Apple's software update utility in the operating system, and from Apple's download site. Only one update is required, and the utility will present the applicable fix, Apple said.

Joris Evers writes for CNET News.com
