Month of Kernel Bugs kicks off with AirPort exploit

A hacker going by the handle of "lmh" has taken it upon him or herself to host a blog that publishes themed attack code on a daily basis. A parody of security researcher H.D. Moore's "Month of Browser Bugs," lmh's "Month of Kernel Bugs" aims to "provide information about kernel-land bugs, hacks and tricks." To that end, lmh has released a proof-of-concept attack on Apple's AirPort device driver that could allow an attacker to induce a kernel panic in a compromised machine. "The vulnerability itself only affects older hardware and is going to be difficult to turn into a remote code execution exploit, but it's definitely possible, just a matter of time and motivation," Moore said. "The current proof-of-concept triggers a fatal kernel panic and forces the user to power cycle their machine." Still, the exploit may be designed to prove a point, rather than to do actual damage. Keep in mind the reaction that the Mac-faithful had to the similar MacBook hack a few months back and you'll see what I'm getting at. "I see this exploit as a great way to demonstrate just how easy some of the wireless driver vulnerabilities are," said Moore.

For more on the new AirPort hack:
- see the original Kernel Fun Blog post
- and the ZDnet article