Apple fixes vulnerability in WLAN drivers
In an update, Apple has fixed a vulnerability in its AirPort drivers that was first disclosed at the end of November. When processing prepared WLAN frames, a buffer overflow can occur, causing the computer to crash. Core Duo versions of the Mac Mini, MacBook and MacBook Pro were affected. Other systems, such as Core-2 Duo versions, were not vulnerable.
Meanwhile, two more vulnerabilities have turned up as part of the Month of Apple Bugs. A bug in the CFNetwork Framework can cause the computer to crash. For this to happen a server must send a vulnerable client a specific HTTP response. The problem is caused by dereferencing a null pointer.
In addition, there is a format string vulnerability in Apple Software Update. Processing swutmp files with prepared file names can crash the service. It may also be possible to exploit this to inject code. Normally updates come via HTTP from Apple's servers only. However, according to the bug report, it should be possible to slip a victim a manipulated update file either via e-mail or via the browser.
- About the security content of AirPort Update 2007-001, advisory from Apple
- Apple CFNetwork HTTP Response Denial of Service, bug report from LMH
- Apple Software Update Catalog Filename Format String Vulnerability, bug report from KF