A claimed security hole in Apple's MacBook has been exposed as a misrepresentation.
Earlier this month, a researcher at SecureWorks said he had revealed a vulnerability in the laptop's wireless software driver that would allow him to take control of the machine. There was a vulnerability but it was exploited by using a third-party wireless driver rather than the one that ships with the MacBook.
"Despite SecureWorks being quoted saying the Mac is threatened by the exploit demonstrated at Black Hat, they have provided no evidence that in fact it is," said an spokeswoman. "To the contrary, the SecureWorks demonstration used a third party USB 802.11 device - not the 802.11 hardware in the Mac - a device which uses a different chip and different software drivers than those on the Mac. Further, SecureWorks has not shared or demonstrated any code in relation to the Black Hat-demonstrated exploit that is relevant to the hardware and software that we ship."
SecureWorks researcher David Maynor and "Johnny Cache" demonstrated the vulnerability at the Black Hat conference using a MacBook. Maynor told the Washington Post at the time that they demoed the flaw on the Mac because of the "Mac user base aura of smugness on security".
SecureWorks' website has been updated since the demonstration to reflect that fact a third-party driver had been used in the demonstration:"Although an Apple MacBook was used as the demo platform, it was exploited through a third-party wireless device driver - not the original wireless device driver that ships with the MacBook. As part of a responsible disclosure policy, we are not disclosing the name of the third-party wireless device driver until a patch is available."
Only yesterday, Cisco put a big questionmark over another claimed security hole in its firewall. Despite claiming that it was "really easy" to exploit, Cisco has so far been unable to replicate the problem.
Earlier this month, a researcher at SecureWorks said he had revealed a vulnerability in the laptop's wireless software driver that would allow him to take control of the machine. There was a vulnerability but it was exploited by using a third-party wireless driver rather than the one that ships with the MacBook.
"Despite SecureWorks being quoted saying the Mac is threatened by the exploit demonstrated at Black Hat, they have provided no evidence that in fact it is," said an spokeswoman. "To the contrary, the SecureWorks demonstration used a third party USB 802.11 device - not the 802.11 hardware in the Mac - a device which uses a different chip and different software drivers than those on the Mac. Further, SecureWorks has not shared or demonstrated any code in relation to the Black Hat-demonstrated exploit that is relevant to the hardware and software that we ship."
SecureWorks researcher David Maynor and "Johnny Cache" demonstrated the vulnerability at the Black Hat conference using a MacBook. Maynor told the Washington Post at the time that they demoed the flaw on the Mac because of the "Mac user base aura of smugness on security".
SecureWorks' website has been updated since the demonstration to reflect that fact a third-party driver had been used in the demonstration:"Although an Apple MacBook was used as the demo platform, it was exploited through a third-party wireless device driver - not the original wireless device driver that ships with the MacBook. As part of a responsible disclosure policy, we are not disclosing the name of the third-party wireless device driver until a patch is available."
Only yesterday, Cisco put a big questionmark over another claimed security hole in its firewall. Despite claiming that it was "really easy" to exploit, Cisco has so far been unable to replicate the problem.
0 comments:
Post a Comment