In his original advisory from the Month of Kernel Bugs, LMH said Apple's Airport Extreme driver fails to handle certain beacon frames, leading to out-of-bounds memory access and resulting in a so-called kernel panic.
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
Apple said in its 305031 advisory,"An attacker in local proximity may be able to trigger a system crash by sending a maliciously-crafted frame to an affected system."
The problem affects the Core Duo version of Mac mini, MacBook, and MacBook Pro computers equipped with wireless. Other systems, including the Core 2 Duo versions are not affected. Apple said its security update addresses the issue by performing additional validation of wireless frames.
In a recent interview conducted by email, LMH explained his motivation to disclose flaws in this manner.
"It's better to have someone disclosing your security flaws than having them known by the bad guys only," he responded. "This pushes the vendor to change its procedures and policies for vulnerability handling and disclosure. And that's where users benefit."
However, some security experts have criticized such disclosure projects as something designed more for press attention than better security.