Attacker Eventually Publishes Details of His Mac Exploit
David Maynor, after over a year of asserting to have come to know the way to take control of a Macintosh PC by exploiting vulnerability in the wireless card of the system, published the information of his exploit. PCworld reported this on September 18, 2007.
The September edition of Uninformed.org, a magazine on computer hacking, published a paper that included the exploit details. The paper described the process of executing an unauthorized program on a Mac by exploiting a flaw in the AirPort wireless drivers of Apple.
During a presentation in August 2006 at the Black Hat security conference in Las Vegas, Maynor had said he knew how to control a Mac computer with the help of a flaw in the wireless card of the system.
Apple fans waded into Maynor because he did not reveal the technical details of the hacking process. According to them, this kind of attack could never happen because there were no security bugs in Mac, as per the sayings of Steve of Cappuccino.
Apple repaired the bug but did not credit Maynor. According to the software maker, it was Apple who discovered the bug and it need not require paying heed to Maynor's notification sent to them.
In the publication of his hacking details, Maynor explained that he could not disclose it earlier because he had signed a Non-Disclosure Agreement (NDA). He declined to name the party with whom he had signed the NDA but said it was no longer valid.
On 18 September 2007, PCWorld reported that Maynor disclosed, during the demonstration at the Black Hat, he came across similar kind of wireless bugs in many wireless cards, one of which was Apple's AirPort. He had even worked with a third-party card there because it was least offensive.
By publicizing the information details, Maynor is hoping that it would help Apple researchers to document on the Mac OS X kernel core dumping utility and Wi-Fi debugging. The paper is full of fascinating information and individuals doing vulnerability study on Apple would find it useful, he added.
In a second paper on Uninformed.org, Maynor plans to explain the way to create software that would run on a hacked system, he said.
Related article: Attackers Use Another ‘Word Flaw’ To Plant Trojan
» SPAMfighter News - 08-10-2007