The first flaw isn’t all that interesting (affecting older PowerBooks, and only under certain conditions) but methinks November will be pretty darn interesting:

More later, but the nasty ones to watch out for will, I expect, generally be in either wireless drivers (like this one) or file systems (which can be used to make nasty USB keys).

Remember, these all run in ring 0 and can do pretty much whatever they want.

For the record, I really don’t like full disclosure of 0 days like this, but I suppose it will draw needed attention to a nasty issue. I’d prefer to see it handled more responsibly than dumping code on the Internet.

(Updated 9/2: I was reminded that deauthenticating a Mac using something like Void11 or KisMAC can cause the vulnerable condition.)