Apple: Airport Security Update NOT About DefCon Exploit

Couple things, kiddies: If you use Airport or have an Airport Card, run Software Update immediately or head here to install Security Update 2006-005. This is a major security update to fix some pretty serious vulnerabilities left open by Apple's Airport implementation. I've linked the Apple Info doc above, but it uses terms like "arbitrary […]
Image may contain Symbol

All products featured on WIRED are independently selected by our editors. However, we may receive compensation from retailers and/or from purchases of products through these links.

Couple things, kiddies: If you use Airport or have an Airport Card, run Software Update immediately or head here to install Security Update 2006-005.

This is a major security update to fix some pretty serious vulnerabilities left open by Apple's Airport implementation. I've linked the Apple Info doc above, but it uses terms like "arbitrary code execution" and "stack buffer overflows," so just update if you're not into ACE and SBO, as I like to call them.

The more interesting side of this is that Apple is strictly denying that these flaws were present in the alleged exploit that the guys at SecureWorks claimed to demonstrate at DefCon, and which John Gruber has been proving fraudulent since.

As a matter of fact, Apple told MacWorld, these flaws were found in an internal audit by Apple initiaited because of the SecureWorks publicity, but had no other connection to that bit of hysteria:

“They did not supply us with any information to allow us to identify a specific problem, so we initiated an internal audit,” Apple spokesman, Anuj Nayar, told Macworld. “Today’s update preemptively strengthens our drivers against potential vulnerabilities, and while it addresses issues found internally by Apple, we are open to hearing from security researchers on how to improve security on the Mac.”

So there you go. A hole was filled either way. My download's in progress. Is yours?

Thanks, Andrew!