SecureWorks, Apple Enter Into Relationship

| News

SecureWorks, which in August claimed to find a flaw in Windows and Mac OS X wireless networking that enabled attackers to take over computers, on Friday said that it is working with Apple on the issue. According to Macworld, SecureWorks issued a statement that said: "SecureWorks and Apple are working together in conjunction with the CERT Coordination Center on any reported security issues."

The firm added: "We will not make any additional public statements regarding work underway until both companies agree, along with CERT/CC, that it is appropriate." SecureWorksi researchers, David Maynor and Jon "Johnny Cache" Ellch, were supposed to speak at an event last weekend but cancelled the appearance. Mr. Ellch appeared anyway and gave a speech in which he said, in part: "Dave very much wanted to be here. The fact that Secureworks/Apple managed to compel him not to means that they must have had something very compelling to stop him. Iim not supposed to talk about what that is." He accused both companies of being unprofessional.

In August, SecureWorks released a video that showed Mr. Maynor exploiting a supposed flaw in a MacBook that was using a third-party wireless networking card. He said that the issue existed in Appleis AirPort driver too, but never demonstrated that claim, which was made during the Black Hat conference in Las Vegas.

Fifteen days later, Apple responded with this statement: "Despite SecureWorks being quoted saying the Mac is threatened by the exploit demonstrated at Black Hat, they have provided no evidence that in fact it is. To the contrary, the SecureWorks demonstration used a third party USB 802.11 device -- not the 802.11 hardware in the Mac -- a device which uses a different chip and different software drivers than those on the Mac. Further, SecureWorks has not shared or demonstrated any code in relation to the Black Hat-demonstrated exploit that is relevant to the hardware and software that we ship."

SecureWorks later updated its Web site with this disclaimer: "Although an Apple MacBook was used as the demo platform, it was exploited through a third-party wireless device driver -- not the original wireless device driver that ships with the MacBook. As part of a responsible disclosure policy, we are not disclosing the name of the third-party wireless device driver until a patch is available."

No Comments

Log-in to comment