From MacSlash...
Well (they) definately found a security flaw... but couple things to remember before everyone starts running for the hills. The Flaw requires a few things:I would guess a patch is already in the works, so hopefully the problem is corrected before it starts widespread panic!
- It required use of a third party wireless card attached to the MacBook (I doubt many people would opt for that over the built in card)
- You need to actively decide to join this unknown access point (many people will likely hop on any free WiFi... better think twice!)
- The flaw is in the wireless driver for that third party wireless card (still Apple's respsonsibility I guess if they provided the drivers with OS X) [Latest Reports are that although they used a 3rd party card, Apple's own internal wireless would also be vulnerable. Why then use the 3rd party card????? - Swordmaker}
- He doesn't say if he actually got root access or just user level... regardless he could still mess with your personal stuff! [Latest Reports are that he did not... and he already knew the passwords and login info for the Macbook! - Swordmaker}
- This is NOT limited to just Apple...
- it is buggy THIRD PARTY software drivers that got p0wned. So yes, Windows users are vulnerable to the same flaw.
There's more:
Anyone who read this article will also note that the "hackers" also had to install a "root kit" on the MacBook prior to running the hack. With no know exploits for OS X in the wild, how is this going to happen? // The MacCast. For Mac Geeks, by Mac Geeks // Find it @ maccast.com
Ugh... right after I post, I see that you had answered with more info....
So - I never use a third-party wireless card (Airport Extreme - why anything else??)
I don't use 3rd party drivers.
Root Kit???? What the heck would I need to install that for?
Seems to me that the most "vulnerable" to such a hack would be the same type person that would be an exploiter of such a vulnerability - and would know how to counter it....