2lmc spool


terse but informative


Initial thoughts on the AirPort wireless vulnerability


blech:


posted on 2006/11/02 08:37

 

You know it's going to be one of those days when you wake up and find that John Gruber's linked list has swelled alarmingly.


 

Today, it's largely reaction to the Month of Kernel Bugs' first proof of concept: an AirPort 802.11 probe response kernel memory corruption exploit.


 

The Apple Airport driver provided with Orinoco-based Airport cards (1999-2003 PowerBooks, iMacs) is vulnerable to a remote memory corruption flaw. When the driver is placed into active scanning mode, a malformed probe response frame can be used to corrupt internal kernel structures, leading to arbitrary code execution.

 

As the summary notes, this only affects Macs with the original 802.11b (Orinoco-based) AirPort card; that's more likely to mean iBooks than iMacs, although the latter did have the right slot.
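The mechanism the summary describes, a malformed probe response corrupting kernel structures, is the standard driver-parsing bug class: the card hands the driver a frame received off the air, and the driver copies attacker-controlled, length-prefixed information elements into fixed-size kernel structures. The C below is an added illustration written for this page; it is neither Apple's AirPort driver code nor the MoKB proof of concept. The page does not say which field the real driver mishandled, so the SSID element as the trusted field, the struct layout, and every frame byte are constructed assumptions. It puts the length-trusting copy beside a parser that rejects an element whose length byte exceeds either the bytes left in the frame or the destination buffer.

```c
/* Added illustration for this page: the 802.11 information-element (IE)
 * parsing bug class that a "malformed probe response" attack targets.
 * Not Apple's AirPort driver and not the MoKB proof of concept; the
 * struct layout, the SSID element as the trusted field, and all frame
 * bytes are constructed assumptions. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define IE_SSID          0x00
#define IE_SUPP_RATES    0x01
#define SSID_MAX         32
#define PROBE_RESP_FIXED 12   /* timestamp(8) + beacon interval(2) + capability(2) */

/* Scan-result record a driver might fill from a probe response. */
struct scan_entry {
    uint8_t  ssid[SSID_MAX];
    uint8_t  ssid_len;
    uint8_t  rates[8];
    uint8_t  nrates;
    void    *next;   /* stands in for whatever kernel pointer follows the buffers */
};

/* The bug pattern: the length byte came off the air, yet it drives the copy.
 * An SSID IE whose length byte exceeds SSID_MAX writes past out->ssid into the
 * fields (and pointer) behind it. Shown for contrast only; nothing here calls it. */
void copy_ssid_unchecked(const uint8_t *ie, struct scan_entry *out)
{
    uint8_t ie_len = ie[1];
    memcpy(out->ssid, ie + 2, ie_len);   /* no bound against SSID_MAX or the frame */
    out->ssid_len = ie_len;
}

/* Hardened parse of a probe response body (everything after the MAC header).
 * Returns 0 on success, -1 if the frame is malformed. Each IE length is
 * checked against the bytes actually remaining in the frame and against the
 * destination buffer before any copy; unknown IEs are skipped, not trusted. */
int parse_probe_response(const uint8_t *body, size_t len, struct scan_entry *out)
{
    size_t off = PROBE_RESP_FIXED;
    int saw_ssid = 0;

    memset(out, 0, sizeof *out);
    if (len < PROBE_RESP_FIXED)
        return -1;
    while (off + 2 <= len) {                 /* need the id and length bytes */
        uint8_t id = body[off], ie_len = body[off + 1];
        const uint8_t *data = body + off + 2;
        if (ie_len > len - off - 2)          /* IE claims more bytes than the frame has */
            return -1;
        switch (id) {
        case IE_SSID:
            if (ie_len > SSID_MAX)           /* would overflow out->ssid */
                return -1;
            memcpy(out->ssid, data, ie_len);
            out->ssid_len = ie_len;
            saw_ssid = 1;
            break;
        case IE_SUPP_RATES:
            if (ie_len > sizeof out->rates)  /* would overflow out->rates */
                return -1;
            memcpy(out->rates, data, ie_len);
            out->nrates = ie_len;
            break;
        default:
            break;
        }
        off += 2 + ie_len;
    }
    return saw_ssid ? 0 : -1;
}

/* Build a constructed probe response body with one SSID IE whose length byte
 * is `claimed` while only `present` data bytes actually follow it.
 * buf must hold PROBE_RESP_FIXED + 2 + present bytes; returns the body length. */
size_t build_probe_response(uint8_t *buf, uint8_t claimed, size_t present)
{
    memset(buf, 0, PROBE_RESP_FIXED);
    buf[8]  = 0x64;                          /* beacon interval: 100 TU */
    buf[10] = 0x01;                          /* capability: ESS */
    buf[PROBE_RESP_FIXED]     = IE_SSID;
    buf[PROBE_RESP_FIXED + 1] = claimed;
    memset(buf + PROBE_RESP_FIXED + 2, 'A', present);
    return PROBE_RESP_FIXED + 2 + present;
}

/* Parse a constructed frame with the given claimed/present SSID lengths. */
int probe_response_outcome(uint8_t claimed, size_t present)
{
    uint8_t buf[PROBE_RESP_FIXED + 2 + 255];
    struct scan_entry e;
    size_t n = build_probe_response(buf, claimed, present);
    return parse_probe_response(buf, n, &e);
}

int main(void)
{
    printf("well-formed SSID, 4/4:                %d\n", probe_response_outcome(4, 4));
    printf("length byte past end of frame, 200/2: %d\n", probe_response_outcome(200, 2));
    printf("SSID longer than buffer, 40/40:       %d\n", probe_response_outcome(40, 40));
    return 0;
}
```

The two rejections are distinct checks, and a driver needs both: a length byte larger than the remaining frame is a read past the receive buffer, while a length byte that fits the frame but not the destination is the write that corrupts whatever sits after it in the kernel structure.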


 

The TidBITS response seems largely sane, too.


 

However, I see an issue with the final point.


 

No Mac shipped starting in 2003 nor older Macs without active scanning enabled are known to be vulnerable. I'm guessing Apple patches this relatively quickly for Mac OS X 10.3 and 10.4 users

 

... but how many machines from before 2003 will be running 10.3? I bet a lot will be running Mac OS 9 still. Does the exploit work against that?


 

I also worry that a lot of those machines will still be running 10.2 or earlier. I don't entirely trust the stats from people like OmniGroup that indicate the percentage is vanishingly small.


