Rixstep

It's All Over

Fanboy hopes dashed - again.


CUPERTINO (Rixstep) -- Apple have released a trio of security patches for four high impact vulnerabilities with their AirPort software. Thus ends the six week long assault on Washington Post IT security reporter Brian Krebs and the last hopes of Apple fanboys that their 'precious wonderful' system was better than secure.

The debacle started with a videotaped demonstration by Jon Ellch and David Maynor at the Black Hat conference in Las Vegas in the beginning of August. It continued with attacks on reporter Brian Krebs by John Gruber and the Apple fanboy community. It was finally resolved when Apple, as expected, were forced to patch their software.

'If you want to grab the attention of a roomful of hackers, one sure fire way to do it is to show them a new method for remotely circumventing the security of an Apple Macbook computer to seize total control over the machine', wrote Krebs on 2 August. 'That's exactly what hackers Jon Ellch and David Maynor plan to show today in their Black Hat presentation on hacking the low-level computer code that powers many internal and external wireless cards on the market today.'

Ellch and Maynor presented a video which targeted a specific security flaw in wireless drivers. They said they'd found similar flaws in drivers running Windows.

By reporting on the demonstration, Krebs grabbed the attention of more than hackers: the Apple fanboy community led by rabble rouser John Gruber launched a full assault on the Washington Post.

'So this actually has nothing at all to do with it being a Mac other than an opportunity for a Windows user to crack a smirk', wrote one poster at Krebs' site. 'We use Macs because they're lovely machines to work with. Smugness implies that we think we are somehow better than the people that use Windows? Well, that's not the case', wrote another smug fanboy.

'To date no virus, no worm, no malware, no spyware has been successfully launched and spread against OS X', wrote another fanboy not up on the news.

'OS X is based on FreeBSD and FreeBSD is a very secure system. A lot of porn sites use FreeBSD because it's so secure', wrote another wannabe fanboy guru. 'Brian, anxious to denigrate Mac security, fails to put this exploit in perspective', wrote another of the gray shirts.

Gray Shirt Venom

And then the venom started coming out.

'Wow! Integrity? Nope. Honesty? Nope. Journalists like yourself maybe bring visitors but in the long run I'll never view or care anything about this publication again. You have done nothing but lie and misrepresent the truth', wrote the well programmed Michael Staton. 'Personally you should lose your job for misrepresenting the facts. But I for one will never visit your publication again.'

'Mr Krebs should get his facts together before writing about something he doesn't know about' wrote poster Ted. 'I've seen photos of both of you together, so it's obvious you both have a relationship of being friends. So naturally you're going to side with him without using your journalistic skills.'

'I should remember from now on never to trust anything Krebs writes' wrote poster Jim. 'A 12-year-old kid could be better a research than you, Krebs. [sic]'

The Security Update

Gruber followed up this attack by issuing a 'challenge' to Ellch and Maynor. It was of course never answered, and then on 19 September Apple poured salt into the fanboy wounds when they finally released the requisite patches.

  • AirPort

    CVE-ID: CVE-2006-3507

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.7, Mac OS X Server v10.4.7

    Impact: Attackers on the wireless network may cause arbitrary code execution

    Description: Two separate stack buffer overflows exist in the AirPort wireless driver's handling of malformed frames. An attacker in local proximity may be able to trigger an overflow by injecting a maliciously-crafted frame into a wireless network. When the AirPort is on, this could lead to arbitrary code execution with system privileges. This issue affects Power Mac, PowerBook, iBook, iMac, Mac Pro, Xserve, and PowerPC-based Mac mini computers equipped with wireless. Intel-based Mac mini, MacBook, and MacBook Pro computers are not affected. There is no known exploit for this issue. This update addresses the issues by performing additional validation of wireless frames.

  • AirPort

    CVE-ID: CVE-2006-3508

    Available for: Mac OS X v10.4.7, Mac OS X Server v10.4.7

    Impact: Attackers on the wireless network may cause system crashes, privilege elevation, or arbitrary code execution

    Description: A heap buffer overflow exists in the AirPort wireless driver's handling of scan cache updates. An attacker in local proximity may be able to trigger the overflow by injecting a maliciously-crafted frame into the wireless network. This could lead to a system crash, privilege elevation, or arbitrary code execution with system privileges. This issue affects Intel-based Mac mini, MacBook, and MacBook Pro computers equipped with wireless. Power Mac, PowerBook, iBook, iMac, Mac Pro, Xserve, and PowerPC-based Mac mini computers are not affected. This update addresses the issue by performing additional validation of wireless frames. There is no known exploit for this issue. This issue does not affect systems prior to Mac OS X v10.4.

  • AirPort

    CVE-ID: CVE-2006-3509

    Available for: Mac OS X v10.4.7, Mac OS X Server v10.4.7

    Impact: Depending upon third-party wireless software in use, attackers on the wireless network may cause crashes or arbitrary code execution

    Description: An integer overflow exists in the Airport wireless driver's API for third-party wireless software. This could lead to a buffer overflow in such applications dependent upon API usage. No applications are known to be affected at this time. If an application is affected, then an attacker in local proximity may be able to trigger an overflow by injecting a maliciously-crafted frame into the wireless network. This may cause crashes or lead to arbitrary code execution with the privileges of the user running the application. This issue affects Intel-based Mac mini, MacBook, and MacBook Pro computers equipped with wireless. Power Mac, PowerBook, iBook, iMac, Mac Pro, Xserve, and PowerPC-based Mac mini computers are not affected. This update addresses the issues by performing additional validation of wireless frames. There is no known exploit for this issue. This issue does not affect systems prior to Mac OS X v10.4.
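The advisories say only that the fixes perform 'additional validation of wireless frames' and give no detail of the flawed code. As an added illustration of what that kind of validation looks like in general (not Apple's code and not a reconstruction of these bugs; `scan_entry`, `parse_ssid` and the sample frames are hypothetical), here is a C routine that walks the tagged elements of an 802.11 management frame and refuses any length field that would run past the frame or past the fixed-size destination buffer:

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IE_SSID      0   /* 802.11 element ID for the SSID */
#define SSID_MAX_LEN 32  /* maximum SSID length allowed by 802.11 */

/* Hypothetical scan-result record with a fixed-size destination buffer. */
struct scan_entry { uint8_t ssid[SSID_MAX_LEN]; uint8_t ssid_len; };

/* Walk the tagged elements (1-byte ID, 1-byte length, value) and copy the
 * SSID into out. Returns 0 on success, -1 if malformed or no SSID found. */
int parse_ssid(const uint8_t *ies, size_t ies_len, struct scan_entry *out)
{
    size_t off = 0;

    while (ies_len - off >= 2) {        /* room for an ID + length header */
        uint8_t id  = ies[off];
        uint8_t len = ies[off + 1];
        off += 2;
        if (len > ies_len - off)        /* element claims bytes past end of frame */
            return -1;
        if (id == IE_SSID) {
            if (len > SSID_MAX_LEN)     /* sender-chosen length vs. fixed buffer */
                return -1;
            memcpy(out->ssid, ies + off, len);
            out->ssid_len = len;
            return 0;
        }
        off += len;                     /* skip elements we do not handle */
    }
    return -1;
}

/* Constructed sample inputs (not captured traffic). */
static const uint8_t good_ies[]       = { 0, 4, 'h', 'o', 'm', 'e', 1, 1, 0x82 };
static const uint8_t oversize_ies[42] = { 0, 40 };  /* 40-byte SSID, over the 32 limit */
static const uint8_t truncated_ies[]  = { 1, 1, 0x82, 0, 8, 'a', 'b' }; /* claims 8, has 2 */

int main(void)
{
    struct scan_entry e;
    printf("good:      %d\n", parse_ssid(good_ies, sizeof good_ies, &e));
    printf("oversize:  %d\n", parse_ssid(oversize_ies, sizeof oversize_ies, &e));
    printf("truncated: %d\n", parse_ssid(truncated_ies, sizeof truncated_ies, &e));
    return 0;
}
```

Both checks are needed: the first keeps reads inside the received frame, the second keeps the copy inside the destination, and a parser missing either one trusts a length byte supplied by whoever sent the frame.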

It's All Over

Despite the vehement rhetoric and vitriolic attacks on Brian Krebs, Krebs was ultimately proved right as security experts expected all along. John Gruber continues to spew out poorly written boring meaningless diatribes meant to defend both his kiddie platform of choice and his earlier gaffes, and the Apple fanboy community are not about to issue Krebs an apology.

Copyright © Rixstep. All rights reserved.