__/ [ nessuno@xxxxxxxxxxxxxxxxxxx ] on Friday 04 August 2006 07:13 \__
> Quote:
> -------------
> If you want to grab the attention of a roomful of hackers, one sure
> fire way to do it is to show them a new method for remotely
> circumventing the security of an Apple Macbook computer to seize total
> control over the machine. That's exactly what hackers Jon "Johnny
> Cache" Ellch and David Maynor plan to show today in their Black Hat
> presentation on hacking the low-level computer code that powers many
> internal and external wireless cards on the market today....
>
> The video shows Ellch and Maynor targeting a specific security flaw in
> the Macbook's wireless "device driver," the software that allows the
> internal wireless card to communicate with the underlying OS X
> operating system. While those device driver flaws are particular to the
> Macbook -- and presently not publicly disclosed -- Maynor said the two
> have found at least two similar flaws in device drivers for wireless
> cards either designed for or embedded in machines running the Windows
> OS. Still, the presenters said they ultimately decided to run the demo
> against a Mac due to what Maynor called the "Mac user base aura of
> smugness on security."
> -----------
> End quote
>
>
http://blog.washingtonpost.com/securityfix/2006/08/hijacking_a_macbook_in_60_seco_1.html
I think that some subsequent articles argued the vulnerability could
potentially expose all platforms. This also reminds me of:
http://www.theregister.co.uk/2006/08/02/intel_wireless_vulns/
,----[ Quote ]
| Public exploits of this vulnerability on either of the other two are yet
| to emerge, so let's not panic just yet. The other two flaws covered a
| privilege escalation vulnerability involving device drivers and
| information disclosure bug involving Intel PROSet management software.
`----
|
|
