Establishing Digital Trust: Don't Sacrifice Security for Convenience
UPDATED: Apple Computer issued a security update targeting 31 flaws in its Mac OS X operating system, including a vulnerability that could open wireless users to attack. The hole in the original AirPort wireless networking card card also highlights a continuing feud between Apple and researchers over how security glitches should be revealed.
Along with the AirPort issue, Apple's security update 2006-007 addresses problems discovered in Mac OS X 10.3.9 and Mac OS X10.4.8 for both client and server versions of the operating system.
In a statement, Apple said the AirPort issue affects eMac, iBook, iMac, PowerBook G3 and PowerBook G4 and Power Mac G4 systems. Unlike the original AirPort device, which supports both 802.11b/g, newer AirPort Extreme cards are 802.11g-only and are unaffected by the vulnerability.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i Secunia, a security site, ranked the vulnerability as "moderately critical," saying it allows hackers to launch denial-of-service attacks on wireless users. The problem lies in how the original AirPort card responds while scanning for active wireless connections, according to Secunia.
Apple credited HD Moore of Metasploit with reporting the flaw.
This week's patch follows an August Mac OS X security update that addressed 21 potential exploitable vulnerabilities.
Although McAfee and others have reported a rise in the number of vulnerabilities discovered in Mac OS X, exploits are not also increasing, Gartner's John Pescatore told internetnews.com. Few companies store credit card numbers on Macs, Pescatore said. "It's not like hackers are going to attack the graphics department."
Yankee Group analyst Andrew Jaquith also cautioned against overreacting. "You should not turn up your threat meter to Def-Con Five," he added.