Apple‘s much-publicized WiFi hack of 2006 may have been real, as demonstrated at a Black Hat security conference in Washington, D.C. on Wednesday. The hack, which was shown on a MacBook running Mac OS X 10.4.6, was able to run malicious code while scanning for a wireless network.
The bug was initially discovered by researcher David Meynor, who claimed the exploit, if left unpatched, could be used to run arbitrary code on the Mac according to an article on MacNN.
Meynor revealed the bug last year, but conceded that he had been using a third-party WiFi card which took the brunt of the criticism prior to updates being released to fix the bug. Meynor also claims that Apple exerted undue pressure for him to release a public apology and threatened his then-employer, SecureWorks, which prevented his presentation of the security flaw at an event in San Diego.
Click the jump for the full story…
Apple‘s much-publicized WiFi hack of 2006 may have been real, as demonstrated at a Black Hat security conference in Washington, D.C. on Wednesday. The hack, which was shown on a MacBook running Mac OS X 10.4.6, was able to run malicious code while scanning for a wireless network.
The bug was initially discovered by researcher David Meynor, who claimed the exploit, if left unpatched, could be used to run arbitrary code on the Mac according to an article on MacNN.
Meynor revealed the bug last year, but conceded that he had been using a third-party WiFi card which took the brunt of the criticism prior to updates being released to fix the bug. Meynor also claims that Apple exerted undue pressure for him to release a public apology and threatened his then-employer, SecureWorks, which prevented his presentation of the security flaw at an event in San Diego.
In return, Apple has not claimed fault in its wireless networking architecture, but claimed the AirPort security updates, released a month after Meynor’s initial demonstration, were issued as a result of a thorough code review.
The Mac OS X 10.4.8 update, released lated, included fixes for the problem demonstrated by Meynor.
To date, a similar situation occurred last October when other security researchers discovered a vulnerability in a previous generation of AirPort-enabled Macs. Apple in turn released an update to its WiFi drivers as well as some of its Intel-based Macs running both the sever and client editions of its Mac OS X 10.4.8 operating system. The patch repaired a bug that could enable attackers on a wireless network to cause system crashes.