Exploit code released for Apple Wi-Fi flaw

A new hacker project kicked off Wednesday with the release of attack code against a new flaw in Apple Computer Inc.'s wireless software.

The code was provided by H.D. Moore, developer of the popular Metasploit security tool, and released via a blog called The Month of Kernel Bugs. The Month of Kernel Bugs is a spin-off of Moore's Month of Browser Bugs project, in which details of new browser flaws were released each day during the month of July.

In his analysis of the new Apple flaw, Moore said the wireless cards used in PowerBooks and iMacs manufactured between 1999 and 2003 are vulnerable to a remote memory corruption flaw.

Wi-Fi threats: Wi-Fi vulnerability assessment checklist Wi-Fi: Checking airwaves for rogues and 'discoverable' devices Wi-Fi access points go nuclear Apple fixes Mac Wi-Fi flaws

"When the driver is placed into active scanning mode, a malformed probe response frame can be used to corrupt internal kernel structures, leading to arbitrary code execution," he said. "This vulnerability is triggered when a probe response frame is received that does not contain valid information element (IE) fields after the fixed-length header. The data following the fixed-length header is copied over internal kernel structures, resulting in memory operations being performed on attacker-controlled pointer values."

Apple released a statement Wednesday saying the flaw "affects a small percentage of previous-generation AirPort-enabled Macs and does not affect currently shipping or AirPort Extreme-enabled Macs."

The Month of Kernel Bugs kicked off with the Apple flaw to keep the spotlight on wireless threats outlined at the Black Hat conference in Las Vegas three months ago, said the blog's author, a hacker who goes by the name of LMH.

"With all the hype and buzz about the now infamous Apple wireless device driver bugs … hopefully this will bring some light (better said, proof) about the existence of such flaws in the Airport device drivers," LMH wrote.