Apple Issues Security Patches

Something that doesn’t happen near as much as it does with Windows, Apple released three security patches today, here, to see other security updates, go here.

The first, CVE-2006-3507, affects Power Mac, PowerBook, iMac, Mac Pro, Xserve, and PowerPC-based Mac mini, the second, CVE-2006-3508, affects, Intel-based Mac mini, MacBook, and MacBook Pro computers equipped with wireless, and the third, CVE-2006-3509, affects Intel-based Mac mini, MacBook, and MacBook Pro computers equipped with wireless.

Impact: Attackers on the wireless network may cause arbitrary code execution

Description: Two separate stack buffer overflows exist in the AirPort wireless driver’s handling of malformed frames. An attacker in local proximity may be able to trigger an overflow by injecting a maliciously-crafted frame into a wireless network. When the AirPort is on, this could lead to arbitrary code execution with system privileges. This issue affects Power Mac, PowerBook, iBook, iMac, Mac Pro, Xserve, and PowerPC-based Mac mini computers equipped with wireless. Intel-based Mac mini, MacBook, and MacBook Pro computers are not affected. There is no known exploit for this issue. This update addresses the issues by performing additional validation of wireless frames. Source: Apple