AirPort 4.2 is now available and delivers the following security
enhancement:
Available for: Mac OS X 10.3.3 to Mac OS X 10.3.9, and Mac OS X
10.4.2
CVE-ID: CAN-2005-2196
Impact: Mobile users with the original AirPort card enabled could
automatically associate to a malicious network
Description: When not connected to a known or trusted network, the
AirPort card "parks" on a randomly generated network with a default
WEP key. This can allow parked AirPort cards to automatically
connect to malicious networks without warning. This condition only
applies to AirPort cards and does not affect AirPort Extreme. The
System Profiler utility can be used to indicate the type of AirPort
card installed. This update addresses the problem by using a
randomly-generated 128-bit WEP key instead of the default WEP key.
Credit to Dino Dai Zovi for reporting this issue.
AirPort 4.2 may be obtained from the Software Update pane in
System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/

For Mac OS X v10.3.3 through Mac OS X v10.3.9
The download file is named: "AirPortSW42.dmg"
Its SHA-1 digest is: bf2876b1873392e64b2e1061b835d35bfb67c3a6

The AirPort security fix is also contained within the
Mac OS X v10.4.2 update:

If updating from Mac OS X v10.4.1
The download file is named: "MacOSXUpdate10.4.2.dmg"
Its SHA-1 digest is: 5a11375c29f1f656061189b9467cf9291153de46

If updating from Mac OS X v10.4
The download file is named: "MacOSXUpdateCombo10.4.2.dmg"
Its SHA-1 digest is: 5149def0b79f030bdb2763283c376e4d87d085e9
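
One way to check downloaded images against the digests listed above. This is an added example, not part of Apple's advisory; the function names and the directory argument are assumptions, and the file names and digests are copied from the text above.

```python
import hashlib
import hmac
from pathlib import Path

# File names and SHA-1 digests exactly as published in the advisory.
PUBLISHED_SHA1 = {
    "AirPortSW42.dmg": "bf2876b1873392e64b2e1061b835d35bfb67c3a6",
    "MacOSXUpdate10.4.2.dmg": "5a11375c29f1f656061189b9467cf9291153de46",
    "MacOSXUpdateCombo10.4.2.dmg": "5149def0b79f030bdb2763283c376e4d87d085e9",
}


def sha1_of(path, chunk_size=1 << 20):
    """Stream the file so large disk images are not loaded into memory."""
    digest = hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_downloads(directory, expected=PUBLISHED_SHA1):
    """Return {file name: "ok" | "mismatch" | "missing"} for each listed file."""
    results = {}
    for name, want in expected.items():
        path = Path(directory) / name
        if not path.is_file():
            results[name] = "missing"
            continue
        got = sha1_of(path)
        # Normalise case and whitespace in the expected value before comparing.
        same = hmac.compare_digest(got, want.strip().lower())
        results[name] = "ok" if same else "mismatch"
    return results


if __name__ == "__main__":
    import sys
    directory = sys.argv[1] if len(sys.argv) > 1 else "."
    report = check_downloads(directory)
    for name, status in report.items():
        print(f"{status:9} {name}")
    # Non-zero exit if any file that is present fails verification.
    sys.exit(1 if "mismatch" in report.values() else 0)
```

A "mismatch" result means the file on disk is not the image the advisory describes and should not be installed.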