Lynn Fox, Appleis director of public relations, this week responded to SecureWorksi recent claims that there is a vulnerability in wireless networking shared by Mac and Windows laptops. Ms. Fox told Macworld: "Despite SecureWorks being quoted saying the Mac is threatened by the exploit demonstrated at Black Hat, they have provided no evidence that in fact it is. To the contrary, the SecureWorks demonstration used a third party USB 802.11 device -- not the 802.11 hardware in the Mac -- a device which uses a different chip and different software drivers than those on the Mac.
"Further, SecureWorks has not shared or demonstrated any code in relation to the Black Hat-demonstrated exploit that is relevant to the hardware and software that we ship."
As TMO reported on Aug. 3, SecureWorks researchers David Maynor and Jon "Johnny Cache" Ellch used the Black Hat 2006 conference in Las Vegas to release a video demonstrating a MacBook being compromised through a flaw that they said was common to the Mac and Windows operating systems. While Mr. Maynor claimed that the flaw existed in Mac OS X, he used a third-party wireless device and driver to demonstrate the exploit because Apple "had leaned on them" to not use the MacBookis built-in AirPort Extreme technology.
Macworld noted that the SecureWorks Web site has since been updated with this disclaimer: "Although an Apple MacBook was used as the demo platform, it was exploited through a third-party wireless device driver -- not the original wireless device driver that ships with the MacBook. As part of a responsible disclosure policy, we are not disclosing the name of the third-party wireless device driver until a patch is available."