So Apple issued an update for the Mac wireless drivers to fix stack buffer overflows in the AirPort driver, but denies that SecureWorks provided it anything useful.
Right. We believe you. Got it. You “just happened” to discover exactly the kind of vulnerability that Maynor and Ellch demoed, but they were evil, uncooperative bad guys for hinting they might be there. Considering SecureWorks works responsibly with all sorts of other vendors in the market, I suspect the anger may be a tad misplaced.
Come on Apple; all software has vulnerabilities. It’s time to stop putting PR in charge of vulnerability management.
To quote the Macworld article linked above:
The internal audit came as a result of claims by a senior researcher at SecureWorks who said he had revealed a vulnerability in Apple’s MacBook wireless software driver that would allow him to take control of the machine. SecureWorks later clarified its position and said it had used a third-party driver and not Apple’s driver. Apple has maintained that SecureWorks has provided no proof that Mac drivers are vulnerable in any way.
“They did not supply us with any information to allow us to identify a specific problem, so we initiated an internal audit,” Apple spokesman Anuj Nayar told Macworld. “Today’s update preemptively strengthens our drivers against potential vulnerabilities, and while it addresses issues found internally by Apple, we are open to hearing from security researchers on how to improve security on the Mac.”
According to the update issued by Apple, two separate stack buffer overflows exist in the AirPort wireless driver’s handling of malformed frames. An attacker in local proximity may be able to trigger an overflow by injecting a maliciously crafted frame into a wireless network. When the AirPort is on, this could lead to arbitrary code execution with system privileges.
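The advisory text above says only that malformed frames trigger stack buffer overflows in the driver; it does not say which frame fields are involved, and neither does this post. The C program below is an added illustration of that bug class, not Apple’s code and not anything from the SecureWorks research: a beacon parser that trusts the length byte of the SSID information element when copying it into a fixed 32-byte buffer, next to a version that checks it first. The frame contents, the `fake_stack` layout, the canary and every function name are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed illustration of the bug class in the advisory quoted above (not
 * Apple's code): a driver copies the SSID out of a received 802.11 management
 * frame into a fixed 32-byte buffer using the length byte the frame supplies.
 * Beacon body = 12 bytes of fixed fields, then information elements (IEs) of
 * the form [tag][length][value]. The SSID IE (tag 0) is at most 32 bytes per
 * the standard, but the length byte is written by whoever sent the frame.
 * Frame layout, buffer sizes and names are assumptions made for this demo. */

#define BEACON_FIXED 12
#define IE_SSID      0
#define SSID_MAX_LEN 32
#define CANARY_LEN   4

/* Stand-in for the driver's stack frame: a 32-byte SSID buffer followed by a
 * canary representing what sits above it on a real stack (return address).
 * Padded so no IE (max 255 bytes) writes outside the C object; "overflow"
 * here means writing past byte 31. */
struct fake_stack { uint8_t mem[SSID_MAX_LEN + CANARY_LEN + 255]; };
#define SSID_BUF(st) ((st)->mem)
#define CANARY(st)   ((st)->mem + SSID_MAX_LEN)
static const uint8_t canary_value[CANARY_LEN] = { 0xde, 0xad, 0xbe, 0xef };

/* Return the SSID IE value and its declared length, or NULL. Reads are bounded
 * by frame_len; the declared length is still untrusted for any copy. */
static const uint8_t *find_ssid_ie(const uint8_t *frame, size_t frame_len, size_t *ie_len)
{
    for (size_t off = BEACON_FIXED; off + 2 <= frame_len; off += 2 + frame[off + 1]) {
        size_t len = frame[off + 1];
        if (off + 2 + len > frame_len) return NULL;   /* IE runs past end of frame */
        if (frame[off] == IE_SSID) { *ie_len = len; return frame + off + 2; }
    }
    return NULL;
}

/* VULNERABLE: trusts the IE length byte. A 48-byte SSID overruns the 32-byte
 * buffer and overwrites the canary (on a real stack: the return address). */
static int copy_ssid_unchecked(const uint8_t *frame, size_t frame_len, struct fake_stack *st)
{
    size_t ie_len;
    const uint8_t *val = find_ssid_ie(frame, frame_len, &ie_len);
    if (!val) return -1;
    memcpy(SSID_BUF(st), val, ie_len);
    return (int)ie_len;
}

/* HARDENED: the declared length is checked against the protocol maximum and
 * the destination capacity before any copy; a malformed frame is dropped (-2). */
static int copy_ssid_checked(const uint8_t *frame, size_t frame_len, uint8_t *dst, size_t dst_cap)
{
    size_t ie_len;
    const uint8_t *val = find_ssid_ie(frame, frame_len, &ie_len);
    if (!val) return -1;
    if (ie_len > SSID_MAX_LEN || ie_len > dst_cap) return -2;
    memcpy(dst, val, ie_len);
    return (int)ie_len;
}

/* Constructed benign beacon: fixed fields, SSID "lab-net", Supported Rates IE. */
static const uint8_t benign_frame[] = {
    0,0,0,0,0,0,0,0, 0x64,0x00, 0x01,0x00,
    IE_SSID, 7, 'l','a','b','-','n','e','t',
    0x01, 4, 0x82,0x84,0x8b,0x96
};

/* Constructed malicious beacon: zeroed fixed fields, then an SSID IE whose
 * length byte says 48 followed by 48 'A's. Anyone in radio range can send it. */
static size_t build_malicious_frame(uint8_t *out, size_t cap)
{
    const size_t ssid_len = 48;
    if (cap < BEACON_FIXED + 2 + ssid_len) return 0;
    memset(out, 0, BEACON_FIXED);
    out[BEACON_FIXED] = IE_SSID;
    out[BEACON_FIXED + 1] = (uint8_t)ssid_len;
    memset(out + BEACON_FIXED + 2, 'A', ssid_len);
    return BEACON_FIXED + 2 + ssid_len;
}

struct demo_result { int unchecked_benign_rc, unchecked_mal_rc, canary_intact, checked_benign_rc, checked_mal_rc; };
/* Run both parsers over both frames; canary_intact is checked after the
 * unchecked parser has processed the malicious frame. */
struct demo_result run_demo(void)
{
    struct demo_result r;
    struct fake_stack st;
    uint8_t mal[128], dst[SSID_MAX_LEN];
    size_t mal_len = build_malicious_frame(mal, sizeof mal);

    memset(&st, 0, sizeof st);
    memcpy(CANARY(&st), canary_value, CANARY_LEN);
    r.unchecked_benign_rc = copy_ssid_unchecked(benign_frame, sizeof benign_frame, &st);
    r.unchecked_mal_rc    = copy_ssid_unchecked(mal, mal_len, &st);
    r.canary_intact       = memcmp(CANARY(&st), canary_value, CANARY_LEN) == 0;
    r.checked_benign_rc   = copy_ssid_checked(benign_frame, sizeof benign_frame, dst, sizeof dst);
    r.checked_mal_rc      = copy_ssid_checked(mal, mal_len, dst, sizeof dst);
    return r;
}

int main(void)
{
    struct demo_result r = run_demo();
    printf("unchecked: benign rc=%d, malicious rc=%d, canary %s\nchecked: benign rc=%d, malicious rc=%d\n",
           r.unchecked_benign_rc, r.unchecked_mal_rc, r.canary_intact ? "intact" : "CLOBBERED",
           r.checked_benign_rc, r.checked_mal_rc);
    return 0;
}
```

The point of the side-by-side is that both parsers behave identically on well-formed traffic, which is why this class of bug survives normal testing; only a frame that lies in its length byte separates them, and the checked version rejects it before touching the buffer. The same check belongs in front of every length-prefixed field a driver copies out of a received frame, not just the SSID.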
It seems Apple also found some flaws in PowerPC systems, not just Intel Macs. At least the research spurred by Maynor and Ellch’s Black Hat/Defcon disclosures is improving security across the entire Mac product line.
But seriously: stop the security PR game, or you’ll end up where Microsoft was a few years ago…
Edited 11pm: I just want to state that, based on additional information, I believe it’s quite probable that specific vulnerability details, especially on PPC, were discovered independently via Apple’s internal audit. My criticism is of the vitriolic handling of the situation, when I believe this could have been resolved more quickly and responsibly had Apple played less with PR and more with the researchers, who obviously found something.