Submit Your Article
Apple has released a security update for Airport Extreme as follows:
AirPort
CVE-ID: CVE-2006-6292
Available for: Mac OS X v10.4.8, Mac OS X Server v10.4.8
Impact:
Attackers on the wireless network may cause system crashes
Description:
An out-of-bounds memory read may occur while handling wireless frames. An attacker in local proximity may be able to trigger a system crash by sending a maliciously-crafted frame to an affected system. This issue affects the Core Duo version of Mac mini, MacBook, and MacBook Pro computers equipped with wireless. Other systems, including the Core 2 Duo versions are not affected. This update addresses the issue by performing additional validation of wireless frames. Credit to LMH for reporting this issue.
Note:
The security fix described above (CVE-2006-6292) was originally released in AirPort Extreme Update 2007-001. The identical fix is also present in AirPort Extreme Update 2007-002, which contains an additional non-security fix for a compatibility issue when using certain third-party access points configured to use WEP. Systems which installed AirPort Extreme Update 2007-001 are correctly patched for CVE-2006-6292. Installing AirPort Extreme Update 2007-002 is recommended to obtain the additional compatibility fix. Affected systems that have not yet applied AirPort Extreme Update 2007-001 should apply AirPort Extreme Update 2007-002.
I have installed the updated with no problems – the update required a restart of the machine.
Get it from Apple Support Downloads or via your Software Update.
This is a 6.5 MB download
