Apple on Jan. 25 shipped an Airport security update to fix a kernel panic issue that could allow attackers to cause system crashes.
The Cupertino, Calif., company’s fix comes almost two months after the issue was first flagged in the MoKB (Month of Kernel Bugs) project in November 2006.
Apple credited the anonymous researcher known only as L.M.H. for reporting the issue. This comes one day after the release of a QuickTime update to fix a flaw exposed by L.M.H., but in that instance Apple did not acknowledge the controversial researcher.
Apple’s Airport update fixes an out-of-bounds memory read that occurs during the handling of certain beacon frames.
“An attacker in local proximity may be able to trigger a system crash by sending a maliciously-crafted frame to an affected system,” Apple said in an advisory. The update is available for Mac OS X v10.4.8 and Mac OS X Server v10.4.8.
The bug affects the Core Duo version of Mac mini, MacBook, and MacBook Pro computers equipped with wireless. Other systems, including the Core 2 Duo versions, are not affected, Apple officials said.