Some vulnerabilities have been reported in AirPort, which can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system.

1) Two boundary errors exist in the handling of malformed wireless network frames. These can be exploited to cause a stack-based buffer overflow by sending a malicious frame to the system, and may allow arbitrary code execution with system privileges.

The vulnerability affects the following products equipped with wireless:
* Power Mac
* PowerBook
* iBook
* iMac
* Mac Pro
* Xserve
* PowerPC-based Mac mini

2) A boundary error exists in the AirPort wireless driver's handling of scan cache updates. This can be exploited to cause a buffer overflow by sending a malicious frame to the system and may lead to a system crash, privilege elevation, or execution of arbitrary code with system privileges.

3) An integer overflow exist in the AirPort wireless drivers API for third-party software, which may lead to a buffer overflow in applications using the API. This can be exploited to cause a buffer overflow by sending a malicious frame to the system and could crash the application or lead to arbitrary code execution with privileges of the user running the application.

Vulnerabilities #2 and #3 affect Intel-based Mac mini, MacBook, and MacBook Pro equipped with wireless and does not affect systems prior to Mac OS X v10.4.

Solution
Apply Security Update 2006-005 or AirPort Update 2006-001:
Further details available in Customer Area

Provided and/or discovered by
Reported by the vendor.

Original Advisory
http://docs.info.apple.com/article.html?artnum=304420

Other references
Further details available in Customer Area

Deep Links
Links available in Customer Area