Jump to content

Intel Patches Wireless Vulnerabilities


Thaising

Recommended Posts

Jeremy Kirk, IDG News Service

Thursday, August 03, 2006

Intel has issued patches for three vulnerabilities for its wireless hardware and software.

Two problems affect certain versions of its Pro/Wireless Network Connection Hardware, part of its Centrino mobile platform, Intel said. The vulnerabilities lie in drivers from Microsoft, Intel said.

The flaws could allow an attacker near a Wi-Fi station to run unauthorized code on a victim's machine or gain kernel-level privileges.

A third vulnerability affects Intel's Proset/Wireless Software. It could lead to a hacker obtaining authentication credentials, Intel said.

So far, no attempts have been made to exploit the vulnerabilities, Intel said.

Possible Attacks

Graham Cluley, senior technology consultant for security vendor Sophos, said a hacker could use the driver problems to create a worm that replicates itself by passing to other computers over a Wi-Fi network.

"It's a very big target for people to do these sorts of things," Cluley said.

Users can verify what version of the hardware they are running at Intel's Web site.

The new drivers also can be downloaded from the site.

Intel cautioned, however, that the updated drivers are generic ones and that OEMs (original equipment manufacturers) may have changed some of the software. The generic drivers have not been verified by manufacturers for compatibility, Intel said.

For the other vulnerability, Intel recommended saving the profile of the Proset/Wireless Software with the "export" feature before making changes.

The SANS Institute, a security training organization, said in an advisory it does not believe updated drivers would be delivered through Microsoft's automated update system. Microsoft officials could not be immediately reached.

SANS also advised that users should check with system vendors to see if custom drivers are going to be released. The patches will have to be applied manually unless manufacturers provide an automated update tool, SANS said.

Link to comment
Share on other sites

the problem is with the chipset. The guy who made the discovery demonstrated the flaw and successfully got into the target machine. The real problem is, the target was a Macbook. Windows/Intel hardware with the same wireless chipset is just as vulnerable.

Oh bugger.

Ah. Aparently happened to the Macbook with a third party wireless adapter and no the built in one.....phew.

Edited by phazey
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.



×
×
  • Create New...