Apple fixes Mac Wi-Fi flaw

The Mac OS X Wi-Fi flaw Apple fixed on 24 Jan was first disclosed as part of the Month of Kernel Bugs in November. Attackers could exploit it to crash the targeted system.

This Article Covers


Apple has fixed one of the Mac OS X Wi-Fi flaws reported by the researcher LMH during his Month of Kernel Bugs project in November. Local attackers could exploit the flaw over a wireless network to crash the victim's machine.

In his original advisory from the Month of Kernel Bugs, LMH said Apple's Airport Extreme driver fails to handle certain beacon frames, leading to out-of-bounds memory access and resulting in a so-called kernel panic.

Apple said in its 305031 advisory,"An attacker in local proximity may be able to trigger a system crash by sending a maliciously-crafted frame to an affected system."

The problem affects the Core Duo version of Mac mini, MacBook, and MacBook Pro computers equipped with wireless. Other systems, including the Core 2 Duo versions are not affected. Apple said its security update addresses the issue by performing additional validation of wireless frames.

LMH is now engaged in a Month of Apple Bugs project. His two "Month-of" projects were inspired by the Month of Browser Bugs project launched by Metasploit Framework creator H.D. Moore in July.

In a recent interview conducted by email, LMH explained his motivation to disclose flaws in this manner.

"It's better to have someone disclosing your security flaws than having them known by the bad guys only," he responded. "This pushes the vendor to change its procedures and policies for vulnerability handling and disclosure. And that's where users benefit."

However, some security experts have criticized such disclosure projects as something designed more for press attention than better security.



Enjoy the benefits of CW+ membership, learn more and join.

Read more on PC hardware



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:




  • Dissecting the Hack

    In this excerpt from chapter three of Dissecting the Hack: The V3RB0TEN Network, authors Jayson E. Street, Kristin Sims and Brian...

  • Digital Identity Management

    In this excerpt of Digital Identity Management, authors Maryline Laurent and Samia Bousefrane discuss principles of biometrics ...

  • Becoming a Global Chief Security Executive Officer

    In this excerpt of Becoming a Global Chief Security Executive Officer: A How to Guide for Next Generation Security Leaders, ...