AirPort Security Updates
Long period of quiet on this blog, I know. The news tends to come in bunches, doesn't it?
The big news of the last few months has been the alleged security flaws uncovered by two researchers that would allow a network cracker to access a system running Mac OS X (along with some Wi-Fi adapters not yet identified used with Windows) by sending particular sets of data that would cause the AirPort driver to either crash the Mac, run some code it was sent, or allow a cracker access at a level that no one but a system administrator should have access.
There's dispute over whether the researchers provided information to Apple that led to Apple releasing patches last week that fix flaws that sound quite similar. The researchers have not directly stated publicly that they provided enough information to pinpoint the flaws; Apple says explicitly they did not. We'll leave that to whomever needs to figure out credit.
For detailed information on the history of this, you can read my coverage at Wi-Fi Networking News in the Security category.
For the purposes of this AirPort blog, I advise everyone running Mac OS X 10.3 (Panther) or 10.4 (Tiger) to use Software Update to install the appropriate AirPort patches immediately. These patches should make it currently impossible (to the best of Apple's ability to test) to use this entire category of attack to crash or hijack a Mac. Apple says no exploit code was found, but that these patches obviate any future exploitation of this kind.