 knightmbEverybody Lies
join:2003-12-01
Franklin, TN | The flaw is still there of course..... The flaw was suppose to be in the device drive and it still is, just not the default one the mac came with. It's still a valid problem they demonstrated, which is, don't let the OS give too much trust to a device driver.
If plugging a USB drive into a windows laptop gave you full control of it all of a sudden, expect a lot of media coverage for that. Then later of course, they show they "modded" the USB drive to exploit some kind of USB device driver related code for Windows and every yells fake.
This isn't the time to yell fake. It's still a valid problem for the Mac (and Windows and everything else that gives device drivers root access).
So.... points for bringing up problem, sure. Minus points for "rigging" the test to make it look spectacular, certainly. The problem still exist though and anything as easy as “plug it in real fast and take over” is still a major problem for Mac user that is using the same chipset they demonstrated with. The real problem this bring up, when “that” chipset is finally found out, how many Mac users will bother to upgrade the software to defend against it? Will it be part of a Mac update? How will Microsoft respond if the same chipset is available for a Windows machine? |
yabos
join:2003-02-16
London, ON | Device drivers are loaded into the kernel so that's how the flawed driver can be exploited to gain root access. Plus they had to install a rootkit first before they could even exploit the 3rd party driver. The problem with their demo was they said how every Mac was vulnerable which wasn't true since it's highly unlikely they'd be using this 3rd party wireless card. All Apple laptops have built in wireless cards so there's not much of a need to use another card.
Since they say the same problem can happen on Windows, how many Windows users will update their drivers? Microsoft doesn't usually distribute 3rd party drivers and neither does Apple. |
