Hackers Launched Code for Apple’s Flaw
On October 1, 2006, the developer of security tool Metasploit, HD Moore, posted the code on 'Month of Kernel Bugs', a new blog. It is designed using Moore's own project, 'Month of Browser Bugs'. This project revealed 1 new browser susceptibility every day in July. The 'Kernel Bug' project was introduced in reference to a dispute over the products of Apple and started at 'Black Hat USA' conference around 3 months age.
The newly launched code uses the fault in Proxim Orinoco wireless cards that are used by iMac and PowerBook computers. These computers were built between 1999-2003. If a hacker wants to launch an attack, then he has to be on the same wireless network as a susceptible Mac. The strike tries to initiate a memory corruption fault by dispatching a deformed data packet to computer. But this operation is not easy. Moore has not been able to completely control a susceptible Mac, yet.
Moore stated that the flaw affects the older hardware only. It will be difficult for this to change into a remote code prosecution abuse but it is surely possible. It is just a matter of motivation and time. The existing proof-of-concept stimulates a lethal kernel fear and impels the users to power cycle their system.
Kernel is possibly the most crucial and basic part of any computer because it takes care of the information transfer between software and hardware on the system, among other functions. Any fault in kernel is a serious threat but those that can be exploited remotely are highly dangerous. This is because a hacker can use them to topple the system security completely, generally regardless of the presence of the security programs on the victim's system.
Lynn Fox, spokesperson, Apple stated in an e-mail that Apple is looking into the matter. This problem influences a small proportion of Airport-enabled Macs of previous generation. It cast no effect on the presently shipping or Airport-enabled Macs.
Apple has fixed several faults in its wireless gadgets and is currently working on security problems with SecureWorks.
Related article: Hackers Redirect Windows Live Search to Malicious Sites
» SPAMfighter News - 03-11-2006