Zero-day exploit released for unpatched Apple Airport Driver!


The MoKB (Month of Kernel Bugs) has started and a zero-day kernel-level exploit for an unpatched Apple Airport Driver has been released to the public with a full proof-of-concept.  The flaw was found by HD Moore of the Metasploit project and it will be rolled into the Metasploit 3.0 project, which is a powerful penetration testing suite.

The explanation given to me by members of the research community for this sudden disclosure was that these exploits are always "imaginary" to Apple and there are no exploits for the Mac.  This is compounded by the fact that the Apple community has insisted that anyone talking about an Apple exploit without releasing proof of the exploit must be a fraud.  The Kernel Fun blog, which released this exploit and is related to the MoKB, also cited a blog I wrote about Apple refusing to give credit to security researchers, where Apple admitted they got the information that prompted an internal audit leading to a patch but refuses to give any credit to the researchers.  Brian Krebs, who broke the original MacBook hack story from Black Hat, also has additional coverage of this latest exploit.  Krebs also posted a transcript of some questions he had for HD Moore.

Brian Krebs writes:
The vulnerability is the first in a series of daily bug details to be released over the next 29 days as part of the "Month of Kernel Bugs" project. LMH said we can expect at least five more Apple kernel bugs to be detailed in the coming days, as well as kernel flaws in Linux, BSD, and Solaris 10 systems.

[UPDATE 3:30PM, reader "V-Train" points out that only some PowerPCs are affected so I've fixed this paragraph] According to Brian Krebs, Apple's Lynn Fox told him that "We were recently made aware of this security issue in our first generation AirPort card, which has not shipped since October 2003.  This issue affects a small percentage of previous generation AirPort enabled Macs and does not affect currently shipping or AirPort Extreme enabled Macs."  But the flaw affects all "Airport enabled Macs" which are the PowerPC based Macs that comprise roughly half of the Mac market.  The "AirPort Extreme enabled Macs" are used in the newer Intel and PowerPC based Macs.  But with potentially five more Apple kernel bugs coming out this month, the newer Macs may not be spared either.

This is only the opening shot for the Month of Kernel Bugs, and this Airport exploit may only be the tip of the iceberg for Apple.  Apple may not be the only company affected and there will be more disclosures to come.

[Update 2:20 PM]
John Gruber has already begun spinning the news of this latest Apple flaw, stating that it only affected older Macs and that "the published exploit only works when the card is in active scanning mode, so even if you have a vulnerable machine, you won’t be vulnerable in normal use."

The problem is that Gruber does not realize how easy it is to force any wireless client into active scanning mode.  There are common wireless hacking tools that can easily kick any client off of their access point and force them to search for access points, which is "active scanning mode".  This means the attack can be launched at will at any time.


Talkback

357 comments
  • This just cannot be! Right!?

    Good heavens! Oh no! How are we to ever believe that Apple has a wireless flaw!! It cannot be.

    Well, even if it is, I'm sure whatever proof may be offered for such a vulnerability it will be explained away somehow. I think that's safe to say given that whatever proof of problems with Apple computers have been proved in the past, the evidence has simply been overcome by simple verbal refutation without any substance by certain members of the pro-Apple crowd, and as that seemed to be good enough for them in the past, to ignore Apple vulnerabilities, I have no doubt it will serve their egos adequately in this case.
    Cayble
    • Strawman

      Ah, it's my good friend, Strawy McStrawman, trotting out one of his favorite arguments, that all Mac users claim that Apple's OS and hardware have no flaws.

      Sigh.

      Nice attempt, but let's remember what all this controversy is about. Two researchers claimed to have an exploit, then refused to show it to anyone other than one reporter. George touted this alleged exploit for months, promising proof but never actually supplying it. That's why people doubt that it exists, not because anyone thinks Apple's products are bulletproof.

      Please work harder to come up with an argument that reflects reality better next time.
      tic swayback
      • That's Artie!

        Hey, that's "Artie MacStrawman", Tic! As the one who invented him, I should know!
        Moltz
      • It's about a lot more than that, my 'friend'

        It's almost ludicrous to see you come up with the same old comeback that I am expressing 'strawman' concerns. It actually illustrates just how far removed some of the pro-Apple crowd are from the reality of their own claims.

        Now let me make this clear tic, I am not saying all pro Apple people or even most, I'm actually thinking the term 'some' more than covers the field of individuals I am referring to. And what many of them have alluded to, or have plain outright just said is that the whole original Apple wireless exploit claims made by Maynor/Ellch/Krebs was nothing less than a lie, and George and anyone who said it might have been true are also liars. In fact, when someone claims, at risk to their own reputation, that they have information that leads them to believe something to be a fact I suspect first that they at least actually do believe that, right or wrong, and I do not just simply assume they are lying so openly without good reason to suspect a lie. I do understand people can be in error of what they believe they understand to be true but I do not just assume they are lying when I think they are wrong.

        My personal position is that the original Macbook exploit claim sits as a reported but unproven claim and I reserve judgment until I see further information. I see that as a stand that actually reflects the facts as opposed to coming down hard on one side of the fence or the other when there has been no solid proof one way or the other and reasonable questions are left unanswered on both sides of the issue.

        I have no argument with anyone who simply says they do not believe it unless new information comes out, I do have an argument with anyone who claims there is a shred of publicly known proof that it was all a lie or a fraud. And I have seen a number of people just get downright rude in asserting how big a fraud they believe the claim was. This is the same standard many of these pro Apple people want us to apply to Maynor's claims; that if there is no public shred of proof it's not to be accepted as proved, and so it goes for both sides of the issue, no proof, no decision.

        So my argument is far from a 'strawman' argument. It may not be an issue that interests you, and I can understand that, fair is fair. But the question of why anyone has to be so adamant or venomous in coming down on either side of the question I think is an issue. I have seen certain people make posts, whom I will leave unnamed, simply explain away with nothing more than “claims” any and every possible negative fact about Apple. And there is something not quite right about that. To say that “no one has said Apple computers are perfect” is far more than a little disingenuous because it amounts to the same thing when any negative claim is simply dismissed out of hand in every case and then to claim the high ground by saying you realize Apple is not perfect.

        As I do find you far more responsive and honest in your posts than some of the others who make outrageous remarks I would hope you maintain that integrity by retracting your claim that my favorite argument is “that all Mac users claim that Apple's OS and hardware have no flaws.” Not only have I never said that tic, I never have come close to saying that, and I think you must realize that. The problem is that there have been a disproportionate number of pro Apple users that post here that do appear to believe that and if anyone responds to a significant number of them it might give the impression that that person thinks all Apple users are so pig headed. I for one do not think that, and as I know several Apple users personally who are all very reasonable and rational and have none of their self esteem tied to their choice of hardware or OS.
        Cayble
        • Go back and re-read your post

          Your original post is not a balanced, reasoned argument like this one. It is instead a sarcastic condemnation of anyone who questions George's claims, anyone who uses a Mac really.

          ---Now let me make this clear tic, I am not saying all pro Apple people or even most, I'm actually thinking the term 'some' more than covers the field of individuals I am referring to. ---

          So am I right in saying "some" ZDNet bloggers are hideously biased? That "some" of them cherry pick information to support their pre-conceived conclusions? That "some" posters on talkbacks are Windows shills whose livelihood and self-esteem relies upon tearing down anyone who dares to use something other than Windows?

          ---My personal position is that the original Macbook exploit claim sits as a reported but unproven claim and I reserve judgment until I see further information.---

          What is the difference between this and saying that the exploit does not exist as far as we know, and it should not be believed until proof is offered? I don't really care about their motives at this point. Given how poorly they've handled this thing, I'd say their credibility (and George's) has taken a beating. And the burden of proof still lies with them. They made the claims. If they want to be taken seriously, they must back them up.

          ---So my argument is far from a 'strawman' argument. ---

          The argument above was not. This one was:
          "Good heavens! Oh no! How are we to ever believe that Apple has a wireless flaw!! It cannot be...I think that's safe to say given that whatever proof of problems with Apple computers have been proved in the past, the evidence has simply been overcome by simple verbal refutation without any substance by certain members of the pro-Apple crowd, and as that seemed to be good enough for them in the past, to ignore Apple vulnerabilities, I have no doubt it will serve their egos adequately in this case."

          You've admitted here that there is no proof of the exploit in question. Yet you claim that proof has been "overcome by simple verbal refutation without any substance by certain members of the pro-Apple crowd." Can you explain how that is even possible, and cite what evidence was overcome, and where it was overcome?
          tic swayback
          • Your answers tic

            I realize I was being sarcastic, and I do not think that was too crazy given some of the commentary I expect to see coming out. For example having just read Gruber's typically biased response on this current vulnerability I think at least some of my point is proved about the claim in my original post. You will also note that I did use the words "certain members of the pro-Apple crowd" which I stand by as my opinion that not all or even most Apple users are fanatics.

            And you ask a very reasonable question;

            “So am I right in saying "some" Zdnet bloggers are hideously biased? That "some" of them cherry pick information to support their pre-conceived conclusions? That "some" posters on talkbacks are Windows shills whose livelihood and self-esteem relies upon tearing down anyone who dares to use something other than Windows?”

            You betcha you're right! It's quite obvious that there is no major hardware manufacturer or software producer that has not been represented by some serious fanaticism at times around here. I'm not even opposed to someone being very “pro” on this or that, I just do not care for people who shut their eyes and plug their ears and stick their head in the ground when black and white information is shown to them; particularly when they claim to be a world traveler with a PHD.

            You ask further;

            “What is the difference between this and saying that the exploit does not exist as far as we know, and it should not be believed until proof is offered?”

            No difference as far as I'm concerned and if left at that or anything similar or slightly within the same sort of realm I have no argument. I think if you reread this quote from me you might see we may be quite close on what a reasonable approach to the issue should be;

            “I have no argument with anyone who simply says they do not believe it unless new information comes out, I do have an argument with anyone who claims there is a shred of publicly known proof that it was all a lie or a fraud.”

            Finally you ask another reasonable question;

            “You've admitted here that there is no proof of the exploit in question. Yet you claim that proof has been "overcome by simple verbal refutation without any substance by certain members of the pro-Apple crowd." Can you explain how that is even possible, and cite what evidence was overcome, and where it was overcome?”

            The problem is, in my original post you thought I was alluding to the Maynor Blackhat claims specifically, which I was not. I understand, that being the big recent controversy about Apple that you may have reasonably suspected that was specifically what I was thinking of but it was not. What I really had in mind was a monstrously absurd stance taken by a poster recently that there has never been an OSX virus reported in the wild. This particularly bizarre individual simply chose to verbally refute black and white evidence without offering any actual counter evidence, in a sense simply sticking his head in the ground. Proof was as follows.

            http://tinyurl.com/y3bcwl
            http://tinyurl.com/afxbr
            http://tinyurl.com/e89a6
            http://secunia.com/search/?search=osx+virus&w=0

            Now while I can accept the fact that some people might have some explanation as to why they feel differently as far as certain definitions go, it's pure ignorance to bluntly say these sources are simply wrong because they are in fact using industry standards and are being made by recognized experts, and there is not credible public refutation of the evidence. I say people may be free to their opinions, but there comes a time when you have to accept the fact your opinion is running counter to the known and accepted facts and it's quite unfair to be insulting against someone who is using accepted facts. The simple “nay saying” against the above when I said;

            “whatever proof of problems with Apple computers have been proved in the past, the evidence has simply been overcome by simple verbal refutation without any substance by certain members of the pro-Apple crowd…”

            And as your original post started off by saying “Ah, it's my good friend, Strawy McStrawman, trotting out one of his favorite arguments, that all Mac users claim that Apple's OS and hardware have no flaws.” I have to understand that you are claiming that I am making a strawman argument that “all Mac users claim that Apple's OS and hardware have no flaws.” I'm sorry tic, but that is clearly what you are saying my strawman argument is, and as I have already said, I have never even once said or implied that “all Mac users claim that Apple's OS and hardware have no flaws.”. In fact I have worked carefully to ensure it has always been clear that I only have a problem with “some” pro Apple users, and that problem arises when individuals of this type refute and dismiss out of hand every single negative report about Apple or OSX no matter what the proof, particularly when they talk out of the other side of their mouth claiming they know Apple isn't perfect. It's like saying, “We all know Apple isn't perfect or flawless, it's just that its flaws are unknown to any part of mankind existing in this dimension…”

            So, once again, I have to repeat, I have not made any such strawman argument. Please, be fair and retract your point.
            Cayble
          • Oh, please.

            "I have not made any such strawman argument. Please, be fair, retract your point."

            !?!?!? Don't make me laugh.

            Doesn't matter whether you were referring to "all mac users" or not; it's obvious you have made *a* strawman argument, and just about the oldest, stalest, most stereotypical one that exists, to bash on.

            Sigh. Whatever.
            anonymous
          • And I don't mind saying, you are one with your head in the ground.

            NT
            Cayble
          • Cayble resorts to name calling

            ...for lack of a better reply.
            anonymous
          • Can't do it

            ---“I have no argument with anyone who simply says they do not believe it unless new information comes out, I do have an argument with anyone who claims there is a shred of publicly known proof that it was all a lie or a fraud.”---

            If there is no proof, we must assume it does not exist. I refuse to take anything on faith (I'm a scientist, not a preacher). The question this obviously raises, is what do you think of George's accusations against Apple--he claims they have both lied and committed fraud (not to mention his claims of an "orchestrated assault")? Since he hasn't offered any proof, is he just as wrong as the Mac "zealots" you are bashing? Is he just as crazed and ridiculous?

            And I can't really retract my statement on your Strawman. My reading of it is that you're indicting Mac users for being Pollyannas. And I find that to be a misrepresentation. Sure, there are a couple of yahoos out there, but those people are to be found in any group. Painting the entire community with that brush does us all a disservice.
            tic swayback
          • Mac people

            To be fair though, I do know a number of folks, non-techie end users who don't know a thing about computers except that they can check their email and use their MySpace accounts, who use Macs because of the few 'yahoos' out there that tout the OSX system as being 'bulletproof'. Indeed, these folks even back up their claims by stating that their system is better than Windows because there are no security issues with Mac. Keeping in mind that they are not very technologically advanced as the folks who post here are, it still is an absurd thing to claim.

            Mac advertisements do not help either, since they portray Macs as being 'bulletproof'... don't believe me? Check out the commercials (http://www.apple.com/getamac/ads/), in particular the 'Viruses', 'Trust Mac', and 'Restarting'. I've personally locked up OSX and had to restart three times in my experiences with them, and the advertising claims that there are no risks to Macs just fuel the fire for those aforementioned 'yahoos'. The typical consumer sees advertisements like these and takes them at face value. Talk about duplicity. Seems to me that the good folks who created these advertisements are 'lying'. Perhaps we should take a look at a new definition of 'Strawman' huh?

            No doubt there are some decent folks out there that are OK with the fact that OSX is not perfect. I'm OK with admitting that Windows is far from secure, and the concerns that are being voiced about Vista will keep me from buying it right away. I'll also admit that there are Windows 'yahoos' out there as well who can find no evil in MS. But I've also seen more of those types in the Mac crowd than in the MS crowd.

            If you want, as a Mac fan, to defend that position you'd better realize that from a consumer standpoint, the company itself is claiming to have a perfect product... hence a lot of MS fans are going to assume that if you are defending Mac you are defending that claim.
            wcb42ad
          • Odd reaction

            I find it really odd how personally Windows users seem to take Mac ads. I see lots of offensive ads on television. I remember how incredibly annoying the "Dell Dude" was. Yet it never made me hate Dell users, or want to attack Dell's computers.
            tic swayback
          • "Odd Reaction"

            >>> I find it really odd how personally Windows users seem to take Mac ads. >>>

            Maybe, to borrow the oft quoted line from Jack Nicholson in "A Few Good Men", "You (they) can't handle the truth!" :-)

            ...
            MacCanuck
          • Dude, you're getting a Dell!!

            ---I remember how incredibly annoying the "Dell Dude" was.---

            I don't remember the Dell ads making any claims about any company other than Dell though. I don't find the Mac ads annoying (I actually think they are mostly humorous) but I do find *some* of them to be inflammatory and disingenuous (without crossing the line into outright dishonesty). Any company making nasty claims about another company *should* draw negative feedback. I remember being at the VS.NET 2005 launch and an MS presenter started poking fun at Oracle's claims of being "unbreakable". Did the guy lie? No, but it was petty and I remember feeling quite disgusted by it. The *negative* Mac ads are petty. I highlight the word *negative* because I actually find some of those ads to be fairly complimentary of PCs. That is something I've never seen in Apple advertising before so I give credit to Apple for those specific ads.
            NonZealot
          • Criticism is fine...

            ...the problem is when it gets so personal and inflammatory. Call Apple on the carpet for specific claims, no problem. But hating Mac users, wanting to jab a cigarette in their eyes, releasing exploits or writing blog articles cheering those releasing exploits and justifying their actions, that's taking an ad a bit too seriously.
            tic swayback
          • It's the claim of perfection...

            that is misleading, especially to the consumer. To claim that your product is essentially bulletproof and free of flaws, as well as totally secure gives the average joe a false sense of security. It also fans the fires for those aforementioned zealots that can find no wrong with their Macs. While it may be true that Macs are more secure than Windows, they still do have their flaws. I don't have a problem with Macs, though I do have to admit that I've had more problems with the Macs at my old job than I have ever had with any PCs that I have owned. I just think that it's not very responsible to mislead the consumer.
            wcb42ad
          • Claim of perfection

            "It's the claim of perfection...

            that is misleading, especially to the consumer. To claim that your product is essentially bulletproof and free of flaws"

            So all you have to do is show where Apple claimed that their product was perfect and free of flaws.

            THAT is the kind of strawman argument TLC is talking about. No one ever claimed that the Mac was perfect, so your entire premise is bogus.
            jragosta
          • And that's the strawman

            ---To claim that your product is essentially bulletproof and free of flaws, as well as totally secure gives the average joe a false sense of security. It also fans the fires for those aforementioned zealots that can find no wrong with their Macs---

            Which would be true if anyone were claiming perfection. No one is. That's why it's a strawman argument.
            tic swayback
          • Sure tic, not what I said though, yours is the strawman argument, not mine

            If you actually knew what a strawman argument is you would realize that "I" have not said what you have claimed I said, instead you put up a strawman argument yourself by claiming I have said ALL Mac users are apologists, which I have never done, then you tear down that argument as you and I both know because ALL Mac users are not apologists. THAT IS A STRAWMAN TACTIC AND YOU ARE USING IT, not me.

            I am saying that too many pro Mac people that post here are Apple apologists and I make no attempt to then tear down any argument. That is not a strawman tactic. It fails by the very definition of 'strawman'. If you feel that others are doing that then fine, argue with them, but please, try to get reasonable and withdraw your accusation of me making a strawman argument because I have not! YOU HAVE against me!
            Cayble
          • Thanks for the clarification

            So what you're saying is then, that your argument is meaningless. Yes, there is a small number of Mac apologists here. So what. You are a master of observing the obvious.

            Turns out there are a bunch of Windows shills and Linux geeks here as well. Woo-hoo! Great meaningful point you've made. Thanks for educating us all.
            tic swayback