MacNewsWorld.com

Apple Patches Worrisome Wireless Flaws


A new software update from Apple fixes a pair of security problems in the AirPort Extreme base station. It tightens the default configuration of the AirPort Extreme Base Station with 802.11n, and it patches a security hole that exposes file names on a password-protected disk attached to the device.

Apple (Nasdaq: AAPL) has patched two vulnerabilities in its AirPort Extreme Base Station with 802.11n routers.

The more troubling flaw is a default configuration that allows incoming IPv6 connections, exposing network services on hosts connected through an AirPort Extreme Base Station with 802.11n to remote attackers.

"What that means is that a hacker can configure his laptop and -- when in close proximity outside -- can hack into a system," Amol Sarwate, vulnerability research lab manager at Qualys, told MacNewsWorld.

Certainly, such hack attacks have occurred in the past -- with examples ranging from neighbors stealing Internet access to download child porn to hackers stealing customers' credit card information outside retail stores.

This vulnerability is likely a sneak preview of future hack attacks through other wireless access points configured with the 802.11n standard, Sarwate said. "I do believe we will see something like this happen down the road."

Apple's update, which can be downloaded from the Apple Web site, changes the default setting to limit inbound IPv6 traffic to the local network.

The AirPort Flaw

The second flaw is in the AirPort Disk feature in AirPort Extreme Base Station. AirPort Disk allows files to be shared from a USB (universal serial bus) hard drive connected to a compatible base station. Sharing options, including password protection, are available via the AirPort Disk Utility.

This vulnerability lets users on the local network view the names of files on a password-protected disk without providing a password, according to Apple. However, they cannot access the contents of the files.

Apple's update fixes this vulnerability by performing additional validation on AirPort Disk access requests.

This flaw is not as critical as the first, Sarwate said, since only those users who are inside an access point are able to view file names.

"That is an issue, but not as big a one as the first," he noted, "which left the network vulnerable to anyone outside."

Wireless Woes

Though it is always good to have a patch for identified flaws in a system, fixes for wireless applications can be deceptively lulling to users, commented Paul Henry, vice president of technology evangelism at Secure Computing.

"In general, wireless applications and usage are the least secure of all computer usages," he told MacNewsWorld. "These patches address vulnerabilities, yes, but there are greater risks out there."

For instance, he pointed to a new cracking tool for WEP (Wired Equivalent Privacy) -- a protocol for securing wireless LANs (local area networks) -- that can reduce the time needed to break the encryption from eight hours to 60 seconds.

With respect to Apple's fixes, Henry noted that "you can go to the Internet and on hackers' Web sites find default configuration for most wireless devices."

In other words, someone who is determined to crack a wireless device or wireless network can often do so.

The Weak Link

That said, this is not the first time Apple's wireless products have proven to be a weak security link. At last year's Black Hat USA conference, two security researchers demonstrated how easily they could hack into a MacBook over a wireless network. Operating from a nearby laptop, the two were able to compromise the MacBook's wireless card and device in about 60 seconds.

In a related development, Kaspersky Lab last week discovered a proof-of-concept virus that can be launched and run on an iPod.

In connection with that news, Henry predicted that USB-based devices would be a major attack vector in coming years -- disgruntled employees, he noted, are often the source of attack or corporate theft.

Interestingly, Apple's second patch is for a flaw relating to USB drives in wireless LANs.


By Erika Morphy

