Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Apple updates Airport Drivers - SANS Internet Storm Center SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Apple updates Airport Drivers
Apple today released an urgent update for OS X, fixing arbitrary code executing issues with its airport drivers. This is likely going to fix the issues demoed at Blackhat. This demo ignited a controversy as Apple never actualy acknowledged that such a vulnerability exists. The researchers at the time where careful not to demo the exploit outside of a controlled lab in order to not release the exploit (after all... its "wireless").

The full advisory notes 3(!) arbitrary code execution issues fixed by this patch. The advisory mentions that there is no known exploit, and does not give credit to anyone for discovering the vulnerability.

I recommend applying the patch ASAP. However, you will only be able to download the full patch "as is". Patches for the individual vulnerabilities are not provided. Interestingly, OS-X update labels the patch a "wireless network reliability fix".

For more background from Brian Krebs, see his latest blog.

I will be teaching next: Application Security: Securing Web Apps, APIs, and Microservices - SANS London June 2022


4473 Posts
ISC Handler
Sep 21st 2006

Sign Up for Free or Log In to start participating in the conversation!