Free Republic
Browse · Search		 General/Chat
Topics · Post Article

Skip to comments.

Security Update now available for Mac OS X Airport
Apple Computer ^ | 9/21/2006 | Apple Computer

Posted on 09/22/2006 8:21:03 AM PDT by Swordmaker

About the security content of AirPort Update 2006-001 and Security Update 2006-005

This document describes Security Update 2006-005 and the security content of AirPort Update 2006-001, which can be downloaded and installed via Software Update preferences, or from Apple Downloads.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other Security Updates, see "Apple Security Updates."

AirPort Update 2006-001 and Security Update 2006-005

  • AirPort

    CVE-ID: CVE-2006-3507

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.7, Mac OS X Server v10.4.7

    Impact: Attackers on the wireless network may cause arbitrary code execution

    Description: Two separate stack buffer overflows exist in the AirPort wireless driver's handling of malformed frames. An attacker in local proximity may be able to trigger an overflow by injecting a maliciously-crafted frame into a wireless network. When the AirPort is on, this could lead to arbitrary code execution with system privileges. This issue affects Power Mac, PowerBook, iBook, iMac, Mac Pro, Xserve, and PowerPC-based Mac mini computers equipped with wireless. Intel-based Mac mini, MacBook, and MacBook Pro computers are not affected. There is no known exploit for this issue. This update addresses the issues by performing additional validation of wireless frames.

  • AirPort

    CVE-ID: CVE-2006-3508

    Available for: Mac OS X v10.4.7, Mac OS X Server v10.4.7

    Impact: Attackers on the wireless network may cause system crashes, privilege elevation, or arbitrary code execution

    Description: A heap buffer overflow exists in the AirPort wireless driver's handling of scan cache updates. An attacker in local proximity may be able to trigger the overflow by injecting a maliciously-crafted frame into the wireless network. This could lead to a system crash, privilege elevation, or arbitrary code execution with system privileges. This issue affects Intel-based Mac mini, MacBook, and MacBook Pro computers equipped with wireless. Power Mac, PowerBook, iBook, iMac, Mac Pro, Xserve, and PowerPC-based Mac mini computers are not affected. This update addresses the issue by performing additional validation of wireless frames. There is no known exploit for this issue. This issue does not affect systems prior to Mac OS X v10.4.

  • AirPort

    CVE-ID: CVE-2006-3509

    Available for: Mac OS X v10.4.7, Mac OS X Server v10.4.7

    Impact: Depending upon third-party wireless software in use, attackers on the wireless network may cause crashes or arbitrary code execution

    Description: An integer overflow exists in the Airport wireless driver's API for third-party wireless software. This could lead to a buffer overflow in such applications dependent upon API usage. No applications are known to be affected at this time. If an application is affected, then an attacker in local proximity may be able to trigger an overflow by injecting a maliciously-crafted frame into the wireless network. This may cause crashes or lead to arbitrary code execution with the privileges of the user running the application. This issue affects Intel-based Mac mini, MacBook, and MacBook Pro computers equipped with wireless. Power Mac, PowerBook, iBook, iMac, Mac Pro, Xserve, and PowerPC-based Mac mini computers are not affected. This update addresses the issues by performing additional validation of wireless frames. There is no known exploit for this issue. This issue does not affect systems prior to Mac OS X v10.4.

Installation note

The Software Update utility will present the update that applies to your system configuration. Only one is needed, either AirPort Update 2006-001 or Security Update 2006-005.

For reference if installing from a manually-downloaded package:

AirPort Update 2006-001 will install on the following systems:

  • Mac OS X v10.4.7 Builds 8J2135 or 8J2135a

Security Update 2006-005 will install on the following systems:

  • Mac OS X v10.3.9
  • Mac OS X Server v10.3.9
  • Mac OS X v10.4.7 Builds 8J135, 8K1079, 8K1106, 8K1123, or 8K1124
  • Mac OS X Server v10.4.7 Builds 8J135 or 8K1079

For Mac OS X 10.3.9 and Mac OS X Server 10.3.9 systems, if Software Update does not display Security Update 2006-005, the following updates need to be installed:

spacer
Search

Email This Article

Log in to send email

Did this article help you?
It solved my issue...
Tell us what works for you.



It's good, but...
Report typos, inaccuracies, etc.



It wasn't helpful...
Tell us what would have helped.

Languages
This article is available in the following languages:
Keywords: ktech kmosx4 kmosx3

Article ID: 304420 Date Created: September 19, 2006 Date Modified: September 21, 2006


TOPICS: Computers/Internet
KEYWORDS: airport; computersecurity; wifisecurity
Use "Software Update" under the blue Apple menu on the Menu Bar.
1 posted on 09/22/2006 8:21:04 AM PDT by Swordmaker
[ Post Reply | Private Reply | View Replies]
To: 1234; 6SJ7; Action-America; af_vet_rr; afnamvet; Alexander Rubin; anonymous_user; ...
Security Update for Airport WIFI now available for Mac OS X...

PING!

Thanks to ShorelineMike for the heads up.

If you want on or off the Mac Ping List, Freepmail me.

2 posted on 09/22/2006 8:23:48 AM PDT by Swordmaker (Remember, the proper pronunciation of IE is "AAAAIIIIIEEEEEEE!)
[ Post Reply | Private Reply | To 1 | View Replies]
To: Swordmaker

Ongoing thanks!


3 posted on 09/22/2006 8:32:15 AM PDT by sarasota
[ Post Reply | Private Reply | To 2 | View Replies]
Comment #4 Removed by Moderator
To: Yehuda
my OS software update refuses to connect (yes, I am logged in ,(:>)

Could be the server is overloaded... I just connected and updated not ten minutes ago.

5 posted on 09/22/2006 8:48:23 AM PDT by Swordmaker (Remember, the proper pronunciation of IE is "AAAAIIIIIEEEEEEE!)
[ Post Reply | Private Reply | To 4 | View Replies]
To: Swordmaker

But everyone knows there are no security flaws in a mac?


6 posted on 09/22/2006 9:21:23 AM PDT by Revel
[ Post Reply | Private Reply | To 1 | View Replies]
To: Revel
But everyone knows there are no security flaws in a mac?

Do we need to explain to you the difference between a computer and a wireless network?

7 posted on 09/22/2006 10:32:19 AM PDT by SlowBoat407 (I've had it with these &%#@* jihadis on these &%#@* planes!)
[ Post Reply | Private Reply | To 6 | View Replies]
Comment #8 Removed by Moderator
To: Yehuda

You don't happen to be using DirectWay are you?


9 posted on 09/22/2006 2:08:28 PM PDT by TheBattman (I've got TWO QUESTIONS for you....)
[ Post Reply | Private Reply | To 4 | View Replies]
To: Swordmaker

10 posted on 09/22/2006 5:36:19 PM PDT by Bronzewound
[ Post Reply | Private Reply | To 1 | View Replies]
To: Bronzewound


Spelling Corrected.
11 posted on 09/22/2006 5:48:14 PM PDT by Bronzewound
[ Post Reply | Private Reply | To 10 | View Replies]
Comment #12 Removed by Moderator

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search		 General/Chat
Topics · Post Article
FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson