123Macmini.com
 Home  News  Apple Releases Security Update 2006-005

Search Web
Search Web

Mac Mini Information
  Tech Specs
  Pictures 
  Reviews
  News
  Buyer's Guide
  Accessories

User Community
  Forums
  Log In
  Register
  Newsletter

Mac Links & Feeds
  Directory
  Essential Links
  RSS Feeds

MacMini_125x125

NewerTech miniStack V2

iPod Accessories From Handhelditems.com

iLife06

Our Info
  Contact Us
  Terms of Use



 News

Apple Releases Security Update 2006-005
Thursday, September 21, 2006 - 7:15 PM EST

Apple has released Security Update 2006-005 via Mac OS X's Software Update Utility and on the Web. According to the company, Security Update 2006-005 is recommended for all users and improves the security of the following components:

 AirPort

CVE-ID: CVE-2006-3507

Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.7, Mac OS X Server v10.4.7

Impact: Attackers on the wireless network may cause arbitrary code execution

Description: Two separate stack buffer overflows exist in the AirPort wireless driver's handling of malformed frames. An attacker in local proximity may be able to trigger an overflow by injecting a maliciously-crafted frame into a wireless network. When the AirPort is on, this could lead to arbitrary code execution with system privileges. This issue affects Power Mac, PowerBook, iMac, Mac Pro, Xserve, and PowerPC-based Mac mini computers equipped with wireless. Intel-based Mac mini, MacBook, and MacBook Pro computers are not affected. There is no known exploit for this issue. This update addresses the issues by performing additional validation of wireless frames.

 AirPort

CVE-ID: CVE-2006-3508

Available for: Mac OS X v10.4.7, Mac OS X Server v10.4.7

Impact: Attackers on the wireless network may cause system crashes, privilege elevation, or arbitrary code execution

Description: A heap buffer overflow exists in the AirPort wireless driver's handling of scan cache updates. An attacker in local proximity may be able to trigger the overflow by injecting a maliciously-crafted frame into the wireless network. This could lead to a system crash, privilege elevation, or arbitrary code execution with system privileges. This issue affects Intel-based Mac mini, MacBook, and MacBook Pro computers equipped with wireless. Power Mac, PowerBook, iMac, Mac Pro, Xserve, and PowerPC-based Mac mini computers are not affected. This update addresses the issue by performing additional validation of wireless frames. There is no known exploit for this issue. This issue does not affect systems prior to Mac OS X v10.4.

 AirPort

CVE-ID: CVE-2006-3509

Available for: Mac OS X v10.4.7, Mac OS X Server v10.4.7

Impact: Depending upon third-party wireless software in use, attackers on the wireless network may cause crashes or arbitrary code execution

Description: An integer overflow exists in the Airport wireless driver's API for third-party wireless software. This could lead to a buffer overflow in such applications dependent upon API usage. No applications are known to be affected at this time. If an application is affected, then an attacker in local proximity may be able to trigger an overflow by injecting a maliciously-crafted frame into the wireless network. This may cause crashes or lead to arbitrary code execution with the privileges of the user running the application. This issue affects Intel-based Mac mini, MacBook, and MacBook Pro computers equipped with wireless. Power Mac, PowerBook, iMac, Mac Pro, Xserve, and PowerPC-based Mac mini computers are not affected. This update addresses the issues by performing additional validation of wireless frames. There is no known exploit for this issue. This issue does not affect systems prior to Mac OS X v10.4.

Apple also released the AirPort Update 2006-001. According to the company, this update improves AirPort reliability on Macintosh computers.

Post a Comment:
  Discuss
  More News
123Macmini.com Widget
123Macmini Widget 1.2






123Macmini.com has not been authorized, sponsored, or approved by Apple Computer, Inc.
All logos and trademarks in this site are property of their respective owners.
Copyright © 2006 123Macmini.com. All Rights Reserved.