Link to jump to start of content The Seattle Times Company Jobs Autos Homes Rentals NWsource Classifieds
The Seattle Times Columnists
Traffic | Weather | Your account Movies | Restaurants | Today's events

Saturday, November 18, 2006 - Page updated at 12:00 AM


Practical Mac

Wireless vulnerabilities are a bit troubling

Special to The Seattle Times

Macs are not invulnerable to attack, just highly resistant. To date, several viruses have attempted and failed to spread on the Mac; some were just trying to prove that weaknesses existed at all in Mac OS X.

For these viruses to do damage, they required certain options to be set or that users disregard all sense. Apple has since updated Mac OS X 10.3 (Panther) and 10.4 (Tiger) to fix the flaws.

More troubling, however, are three wireless vulnerabilities released or documented since August that can crash or hijack a Mac. They show, in contrast to the viruses, that the Mac's resistance shouldn't be mistaken for a superpower.

But there's a great difference between a virus, software tailored to run on a computer, and an outside attack. They have different potential for harm; Apple has well protected its users from the former, but the latter has emerged as a surprising, but not yet critical problem.

A computer virus' function can range from mere passive installation with no actual behavior to as much as the purposeful destruction of all the data on your hard drive. A worm can take that virus and spread it to nearby machines or through an Internet connection to the rest of the world.

Apple built resistance into Mac OS X by avoiding some pitfalls that Microsoft Windows has had since the release of Windows 95, and which the company has only comprehensively overcome with its Windows XP Service Pack 2 (SP2) release.

Under Windows, a virus can attach itself through e-mail, when a browser visits a malicious or hijacked Web page, or through improperly battened-down hatches — that is, programs that listen to network traffic but have flaws that can be used for entry into the system.

Apple managed to prevent its own and other vendors' e-mail program from being fooled into launching programs that arrive as attachments. Its own browser, Safari, along with the Mac versions of Firefox and Opera, to name two, have kept bad Web pages from causing problems elsewhere in Mac OS X.

And Apple has kept the door barred to network attacks from the first release of Mac OS X, and that's eliminated one of the most potent pathways into exploiting a computer. (Patches released by Microsoft this week show the company's work paying off: While it's fixing a hole in its file system and printing service found in both Windows 2000 and XP, the flaw is only realistically exploitable on the older 2000 system.)

These three categories of vectors all involve attacks over a network or via a network. But the recent wireless exploits are attacks on a network that require close physical proximity to execute, but which can produce quite terrible results.


Over the summer, two researchers seemed to state that they found a way to send bad batches of data to any Wi-Fi adapter attached to a computer running Mac OS X and gain control of that computer. Later events have made it hard to sort out what they found and when they reported it.

But, nonetheless, Apple released patches in September that fixed certain categories of Wi-Fi attacks that Apple said it hadn't actually seen demonstrated, but which their review of the programming code showed could have allowed a hijack of a Mac. The patches covered PowerPC and Intel Macs, with an extra patch for third-party Wi-Fi adapters attached to an Intel Mac.

In October, the developer who alerted Apple to a weakness in its Bluetooth drivers early this year released a revised version of his proof of concept called Inqtana.D ("D" for the fourth version). With a Panther machine that hasn't had a system-software update since mid-2005, or a Tiger machine running 10.4.6, this exploit could quickly install an administrator account with full system access.

Finally, on Nov. 1, a project to expose fundamental problems in operating systems released the necessary pieces to attack an AirPort Card-equipped Mac, and, at the very least, crash that computer. The project coordinators claim their exploit might be modified to allow hijacking a Mac, too.

AirPort Cards could be installed in Macs shipped between 1999 and 2002, when Apple switched to AirPort Extreme, a faster flavor that's unaffected by this particular problem. At this writing, Apple hasn't released a patch.

The likelihood of being attacked wirelessly is relatively low, but the consequences are high. And firewalls and anti-virus software don't currently protect against this category of wireless exploit.

I don't ask that we all put on tinfoil hats, turn off our wireless connections, and live in fear. But there's a lot more attention being paid to Mac OS X now, and a little more vigilance is needed.

Glenn Fleishman writes the Practical Mac column for Personal Technology and about technology in general for The Seattle Times and other publications. Send questions to More columns at

Copyright © 2006 The Seattle Times Company


More Practical Mac headlines...

Most read articles

Most e-mailed articles



More shopping