 squid7 Premium join:2006-09-02
·Cox HSI
edit: October 2nd, @03:00PM
| Vulnerability?
I must be mistaken but I thought they found a so-called flaw by using hacked drivers for non-Apple hardware...a fact that they overlooked when first bringing this vulnerability up. From what I understand the OEM drivers don't have the vulnerability.
They were able to take over a machine that they had installed the hacked drivers and USB wireless adapter on.
Is that really a vulnerability? |
|
  Matt Running Free Premium join:2003-07-20 Jamestown, NC
·North State Commun..
·Corporate Colocation
| said by squid7: I must be mistaken but I thought they found a so-called flaw by using hacked drivers for non-Apple hardware...a fact that they overlooked when first bringing this vulnerability up. From what I understand the OEM drivers don't have the vulnerability. They were able to take over a machine that they had installed the hacked drivers and USB wireless adapter on. Is that really a vulnerability?
Yes, it's really a vulnerability: »docs.info.apple.com/article.html···m=304420 |
|
 squid7 Premium join:2006-09-02
·Cox HSI
edit: October 2nd, @03:19PM
| I'm confused then...if this vulnerability is in OEM drivers, why did they need hacked drivers or otherwise modify a Macbook to demonstrate this?
Shouldn't they have been able to demonstrate the existence of this vulnerability on an out of the box Macbook rather than a modified one as reported by Secureworks?
quote: "This video presentation at Black Hat demonstrates vulnerabilities found in wireless device drivers," the disclaimer says. "Although an Apple MacBook was used as the demo platform, it was exploited through a third-party wireless device driver--not the original wireless device driver that ships with the MacBook. As part of a responsible disclosure policy, we are not disclosing the name of the third-party wireless device driver until a patch is available."
So is Apple patching a non-Apple driver? |
|
 squid7 Premium join:2006-09-02 edit: October 2nd, @03:23PM
| nm |
|
  Matt Running Free Premium join:2003-07-20 Jamestown, NC
·North State Commun..
·Corporate Colocation
| reply to squid7 said by squid7: I'm confused then...if this vulnerability is in OEM drivers, why did they need hacked drivers or otherwise modify a Macbook to demonstrate this? Shouldn't they have been able to demonstrate the existence of this vulnerability on an out of the box Macbook rather than a modified one as reported by Secureworks? quote: "This video presentation at Black Hat demonstrates vulnerabilities found in wireless device drivers," the disclaimer says. "Although an Apple MacBook was used as the demo platform, it was exploited through a third-party wireless device driver--not the original wireless device driver that ships with the MacBook. As part of a responsible disclosure policy, we are not disclosing the name of the third-party wireless device driver until a patch is available."
So is Apple patching a non-Apple driver?
Did you read the link? Apple patched the AIRPORT. |
|
 squid7 Premium join:2006-09-02
·Cox HSI
edit: October 2nd, @03:52PM
| Did you read Secureworks' statement?
quote: ...was exploited through a third-party wireless device driver--not the original wireless device driver that ships with the MacBook.
Cache demoed this using modified 3rd party drivers, not OEM Airport drivers. In order to accomplish what Cache accomplished in his demo, Cache would have had to obtain possession of the victim's Macbook, install his hacked drivers and USB device and return it without the victim noticing. Hardly a realistic vulnerability...especially considering that all Macbooks include Airport Extreme (not 3rd party) hardware. Seems to me that if Cache was on the up and up he should have demoed this on an OEM Macbook if such a vulnerability existed as he claimed rather than try and pass this off as an easy OEM vulnerability. |
|
 yabos
join:2003-02-16 Ingersoll, ON
| reply to Matt Maybe you should read this link »www.macworld.com/news/2006/09/29···ndex.php "Apple released an update for its wireless drivers one week ago, but said that no known exploits existed for the issues addressed in the update"
and this link »www.macworld.com/news/2006/09/21···ndex.php
"Apple said the issues found were the result of an internal audit of the software drivers and that no known exploits exist for the issues addressed in this update.
The internal audit came as a result of claims by a senior researcher at SecureWorks that said he had revealed a vulnerability in Apple's MacBook wireless software driver that would allow him to take control of the machine. SecureWorks later clarified its position and said it had used a third-party driver and not Apple's driver.
Apple has maintained that SecureWorks has provided no proof that Mac drivers are vulnerable in any way.
'They did not supply us with any information to allow us to identify a specific problem, so we initiated an internal audit,' Apple spokesman, Anuj Nayar, told Macworld. 'Today's update preemptively strengthens our drivers against potential vulnerabilities, and while it addresses issues found internally by Apple, we are open to hearing from security researchers on how to improve security on the Mac.'" |
|
  leedeeda
@verizon.net | The mac community will never believe the truth because they're obscured by what security really is, just like the company they so well support. |
|
 squid7 Premium join:2006-09-02
·Cox HSI
edit: October 2nd, @05:17PM
| And the 'truth' is what? That OS X vulnerabilities are being exploited? That OS X vulnerabilities don't get patched? Apples are for hippies?
What mysterious truth that escapes us Apple users are you referring to 'cause none of the above seems to be true? ...except maybe the hippie part. |
|
  Matt Running Free Premium join:2003-07-20 Jamestown, NC
·North State Commun..
·Corporate Colocation
edit: October 2nd, @05:26PM
| reply to squid7 Yes, I have followed this closely. Do you understand what Cache did to accomplish this attack?
If so, compare that to this "fix" from my link by Apple for the Airport:
AirPort
CVE-ID: CVE-2006-3508
Available for: Mac OS X v10.4.7, Mac OS X Server v10.4.7
Impact: Attackers on the wireless network may cause system crashes, privilege elevation, or arbitrary code execution
Description: A heap buffer overflow exists in the AirPort wireless driver's handling of scan cache updates. An attacker in local proximity may be able to trigger the overflow by injecting a maliciously-crafted frame into the wireless network. This could lead to a system crash, privilege elevation, or arbitrary code execution with system privileges. This issue affects Intel-based Mac mini, MacBook, and MacBook Pro computers equipped with wireless. Power Mac, PowerBook, iBook, iMac, Mac Pro, Xserve, and PowerPC-based Mac mini computers are not affected. This update addresses the issue by performing additional validation of wireless frames. There is no known exploit for this issue. This issue does not affect systems prior to Mac OS X v10.4. |
|
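Added example (not part of the thread, and not Apple's code): the advisory quoted in the post above describes a heap buffer overflow in scan cache updates, fixed by "additional validation of wireless frames". The sketch below shows the general kind of check that class of fix involves, using an SSID element copied into a fixed-size cache entry; the structure, the function name and the sample frames are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SSID_MAX 32   /* an 802.11 SSID is at most 32 octets */
#define IE_SSID  0    /* element ID 0 carries the SSID */

/* Hypothetical scan cache entry (assumption, not Apple's structure). */
struct scan_entry { uint8_t ssid[SSID_MAX]; uint8_t ssid_len; };

/* Constructed sample element lists: (id, len, data...) */
static const uint8_t good_frame[]      = {0, 4, 'h', 'o', 'm', 'e', 1, 1, 0x82};
static const uint8_t oversize_ssid[42] = {0, 40};          /* SSID length 40 > 32 */
static const uint8_t truncated[]       = {0, 8, 'a', 'b'}; /* claims 8, holds 2 */

/* Walk the tagged elements of a received beacon/probe response and update
 * the cache entry. Returns 0 on success, -1 on a malformed frame; the
 * entry is left untouched unless the whole frame validates. */
int scan_cache_update(struct scan_entry *e, const uint8_t *ies, size_t n)
{
    struct scan_entry tmp = *e;
    size_t off = 0;

    while (off < n) {
        if (n - off < 2)            /* truncated element header */
            return -1;
        uint8_t id = ies[off], len = ies[off + 1];
        off += 2;
        if (len > n - off)          /* element runs past the end of the frame */
            return -1;
        if (id == IE_SSID) {
            if (len > SSID_MAX)     /* would overflow the fixed-size field */
                return -1;
            memcpy(tmp.ssid, ies + off, len);
            tmp.ssid_len = len;
        }
        off += len;
    }
    *e = tmp;
    return 0;
}

int main(void)
{
    struct scan_entry e = {0};
    int ok = scan_cache_update(&e, good_frame, sizeof good_frame) == 0
          && scan_cache_update(&e, oversize_ssid, sizeof oversize_ssid) == -1
          && scan_cache_update(&e, truncated, sizeof truncated) == -1;
    return ok && e.ssid_len == 4 ? 0 : 1;
}
```

Both length checks matter: the first keeps the parser inside the received frame, the second keeps the copy inside the destination field.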
  JakCrow
join:2001-12-06 Palo Alto, CA | reply to squid7 Airport Extreme hardware is just rebadged OEM stuff. They were using Broadcom last time I looked. |
|
 squid7 Premium join:2006-09-02
·Cox HSI
edit: October 2nd, @07:09PM
| reply to Matt Again, why did Cache need to hack 3rd party drivers to demo this? Certainly if this is a true vulnerability he could have done this with an out of the box Macbook using OEM drivers and hardware as he originally implied until his cover was blown. It's because the vulnerability they were trying to demo DIDN'T EXIST in Apple's drivers which Secureworks admits.
From where I'm sitting based on the articles I've read, Cache didn't uncover or demo a vulnerability in Apple's OEM Airport driver which Secureworks later owned up to.
Cache made up this bullcrap demo...Apple audited their code. Meanwhile Cache's claims were shown to be bullcrap and Secureworks put out the disclaimer noting it was bullcrap. Apple's code audit turned up something else worth patching even though no exploit for it existed.
Cache didn't "prove" anything. He is a fraud who tried to damage Apple's reputation and was caught. Now he's suddenly surprised that people treat him like the fraud that he is. |
|
 squid7 Premium join:2006-09-02
·Cox HSI
edit: October 2nd, @07:08PM
| reply to JakCrow said by JakCrow: Airport Extreme hardware is just rebadged OEM stuff. They were using Broadcom last time I looked.
Cache's claimed vulnerability didn't exist in Apple's OEM drivers. Which is the whole point. He set up this demo failing to disclose that he used hacked 3rd party drivers. Only later was this stunt discovered and Secureworks had to add the disclaimer.
The course of events is simple.
David Maynor and Jon Ellch fake vulnerability demo using hacked 3rd party drivers in their modded Macbook.
Apple freaks out and starts auditing code.
Maynor and Ellch's stunt is uncovered and Secureworks has to back off their claim and admit that the duo used purposely 'flawed' drivers for the demo and that THE VULNERABILITY CLAIMED BY MAYNOR AND ELLCH DID NOT EXIST IN APPLE'S OEM DRIVERS.
Apple's internal code audit turns up possible issues which are promptly patched despite no exploit actually existing.
Apple is pissed at the duo for faking this stunt hurting Apple's reputation and haunts them everywhere they go. |
|
  leedeeda
@verizon.net
| reply to squid7 The sort of 'truth' not even Apple is willing to believe is that they are not immune to hacks, your sarcasm seems to show how much you believe of this. Many articles emphasise that Apple is no more secure than any other system because there are not as many people using Apples as PCs. There is no truth that Apple is for hippies, the truth, Apple is preaching security through obscurity, i.e. commercials, silencing hackers, toorcon, blackhat, what else are they doing that's UNKNOWN? |
|
  Phattieg
join:2001-04-29 Jacksonville, FL
·Verizon Wireless B..
·Sprint Mobile Broa..
| reply to squid7 Did you ever stop to think that the 3rd party drivers/hardware enabled the attacker to exploit, hence, the driver allows "specially crafted frames" to be pushed thru the router, across the network. As a result, it's possible for the exploit to affect OEM hardware. Why else would a company try to stop them from talking about it.
So, to sum up again what I just said. If you put a 3rd party WiFi NIC on your Mac without the Intel processor, preferably Broadcom, and install 3rd party drivers to make it work, you can send specially crafted packets to a "victim" Mac, via the AirPort, and cause it to crash, reboot, or in general compromise the other system, regardless of if the "victim" has a 3rd party NIC & Drivers, or not. The 3rd party NIC probably wouldn't work under normal circumstances, but with these drivers, not only does it make it work, but it allows things to be sent that normally would be rejected by "factory" firmware on the AirPort. They had to patch the AirPort so that this could not be accomplished anymore. Don't you see, "Cache" and friends are able to control your Mac (without the Intel processor), even though you use a Mac WiFi NIC, and not the same Broadcom as theirs. That's what is eluding me in the "press releases". I bet if these guys dig deeper, they might find a bigger problem, so Apple wants them quieted. -- SIPPhone/Gizmo # 17476200648 / PIMPNET Chatline / Ran by Asterisk & Slackware 10.1. |
|
  ifarrell
join:2000-08-10 Willow Spring, NC | reply to squid7 PLEASE DON'T FEED THE TROLL |
|
 squid7 Premium join:2006-09-02
·Cox HSI
edit: October 2nd, @10:03PM
| reply to Phattieg But the problem is they weren't even standard 3rd party drivers Cache used in his antics...they were hacked 3rd party drivers.
No one has demoed the exploit you propose, no exploits exist for what Apple recently patched. What you propose was possible never happened from what I've read in these articles.
What people here seem to keep missing is that Cache's demo was a complete fraud...staged for the press using hacked 3rd party drivers; not Apple's OEM drivers, not anyone's standard 3rd party drivers...only hacked drivers intentionally flawed to permit the exploit claimed in the demo.
Cache didn't demo an exploit Apple addressed in their recent patch (he didn't demo anything). Apple's recent patch was a result of a code audit, not some discovery by Cache.
So what we're discussing here are 2 different issues. Johnny Cache...the fraud who never demoed an actual exploit and Apple who has shown to have yet again taken proactive measures in issuing a patch for something that could have otherwise possibly been exploited; and who is now chasing Cache around like a disgruntled ex-girlfriend and IMO rightly so. Cache should be chased into obscurity for the B.S. he and his buddy did. |
|
  envoid
join:2002-12-21 Duluth, GA | reply to Phattieg Basically, they needed to hack the driver to show the security issue because originally it is not quite accessible yet still there in the code. Right? |
|
 squid7 Premium join:2006-09-02
·Cox HSI
| reply to leedeeda said by leedeeda: The sort of 'truth' not even Apple is willing to believe is that they are not immune to hacks, your sarcasm seems to show how much you believe of this. Many articles emphasise that Apple is no more secure than any other system because there are not as many people using Apples as PCs. There is no truth that Apple is for hippies, the truth, Apple is preaching security through obscurity, i.e. commercials, silencing hackers, toorcon, blackhat, what else are they doing that's UNKNOWN?
I guess you missed that the so-called hackers at Blackhat had to resort to staging a bogus demo »Can't find a flaw? Create one! using their own hacked 3rd party drivers to take over a Macbook. They couldn't do it with Apple's own drivers or even standard 3rd party drivers. »www.tuaw.com/2006/08/18/securewo···ss-hack/ They had to modify and install custom drivers to specifically permit the exploit. Ooops. I guess they missed all of these other exploits just waiting to be discovered in OS X and had to manufacture one of their own. |
|
 squid7 Premium join:2006-09-02
·Cox HSI
| reply to envoid Then it's not a vulnerability. They acted like an off the shelf Macbook was vulnerable. They conveniently omitted that they not only used non-Apple drivers, but modified non-Apple drivers and non-Apple hardware to perform this bogus demo. Even Secureworks admits that shipping Apple drivers were not vulnerable and they also admit they did not find the flaw in the code that Apple patched. Apple found their flaw as a result of a code audit and patched it before it was ever exploited. »www.tuaw.com/2006/08/18/securewo···ss-hack/
Anyone can rewrite drivers to manufacture a vulnerability where none exists. |
|