Risk: Low
An apparent flaw in Apple's wireless functionality has been found and widely criticised - one security expert has even offered to give the flaw finders a new MacBook if they successfully hijack it.
The flaw was presented by Jon Ellch and David Maynor at the recent Blackhat Conference in Las Vegas but has not been publicised outside of the conference. Many delegates at the conference reported anomalies in Ellch and Maynor's presentation, for instance, while stating that the wireless card does not need to be associated to a network, in the demo they clearly state that the attacker machine has been set up as an AP, and demonstrate this by defining the IP addresses of both boxes - 192.168.1.1 for the attacker and 192.168.1.50 for the MacBook.
Ellch has commented: "As everyone has noticed by now, we haven't said anything in public about this attack yet. There are two reasons.
1. Secureworks absolutely insists on being exceedingly responsible and doesn't want to release any details about anything until Apple issues a patch.
2. Responding to mac bloggers isn't my idea of a good time. Nothing I could say would ever convince them."
John Gruber, author of the Daring Fireball blog, has thrown the gauntlet out to Ellch and Maynor, stating: "If you can hijack a brand-new MacBook out of the box, it's yours to keep." Gruber has listed 14 conditions of the offer, the last of which states "If the offer is not accepted by September 8, 2006, it will be rescinded." To date it has not been accepted.