Lots of main stream press stories about a remote root exploit in Apple wireless drivers. Seems like there is some truth here, and also a little bit of confusion. First off, this isn't just about Macs - the hacker duo demonstrating the exploit say it works against most wireless drivers on any platform. And secondly, they didn't actually demonstrate the exploit against the shipping Apple wireless drivers - they demonstrated it against a 3rd party wireless card (not the shipping Airport card) running 3rd party drivers. Color me unimpressed there. However, they say that it works against Apple's card and driver as well. I guess we'll have to wait for confirmation on that. And thirdly, the vulnerability can be fixed with one click in system preferences. I am still trying to figure out if new systems ship in an exploitable state, or if this "feature" is off by default. In any case, to protect yourself you just need to set Airport to only search and join known wireless networks automatically (instead of just joining any open wireless network within range.)
To do this, open System Preferences. Click on Networking. In Networking set 'Show:' to Airport, and on that screen set 'By default, join:' to 'Preferred Networks' (not 'Automatic'.)
I have confirmed that OS X ships with a default setting that requires you to confirm before joining any wireless networks. So provided you haven't changed this setting you should be safe (and if you have changed the setting to 'automatic' it's just one click to change it back as described above.) Still waiting to see if the people behind this are going to demonstrate the attack against the Apple drivers (rather than some 3rd party driver that no one uses and which the attackers selected!) That part of it seems *very* suspicious. Still, if this is true it is a very serious exploit. Unfortunately the reporting on the issue has been incredibly poor so we just don't know.
|
To do this, open System Preferences. Click on Networking. In Networking set 'Show:' to Airport, and on that screen set 'By default, join:' to 'Preferred Networks' (not 'Automatic'.)
- jim 8-03-2006 7:59 pm
I have confirmed that OS X ships with a default setting that requires you to confirm before joining any wireless networks. So provided you haven't changed this setting you should be safe (and if you have changed the setting to 'automatic' it's just one click to change it back as described above.) Still waiting to see if the people behind this are going to demonstrate the attack against the Apple drivers (rather than some 3rd party driver that no one uses and which the attackers selected!) That part of it seems *very* suspicious. Still, if this is true it is a very serious exploit. Unfortunately the reporting on the issue has been incredibly poor so we just don't know.
- jim 8-04-2006 6:42 pm