site_archiver@lists.apple.com Delivered-To: security-announce@lists.apple.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2005-07-19 AirPort 4.2 AirPort 4.2 is now available and delivers the following security enhancement: Available for: Mac OS X 10.3.3 to Mac OS X 10.3.9, and Mac OS X 10.4.2 CVE-ID: CAN-2005-2196 Impact: Mobile users with the original AirPort card enabled could automatically associate to an malicious network Description: When not connected to a known or trusted network, the AirPort card "parks" on a randomly generated network with a default WEP key. This can allow parked AirPort cards to automatically connect to malicious networks without warning. This condition only applies to AirPort cards and does not affect AirPort Extreme. The System Profiler utility can be used to indicate the type of AirPort card installed. This update addresses the problem by using a randomly-generated 128-bit WEP key instead of the default WEP key. Credit to Dino Dai Zovi for reporting this issue. AirPort 4.2 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ For Mac OS X v10.3.3 through Mac OS X v10.3.9 The download file is named: "AirPortSW42.dmg" Its SHA-1 digest is: bf2876b1873392e64b2e1061b835d35bfb67c3a6 The AirPort security fix is also contained within the Mac OS X v10.4.2 update: If updating from Mac OS X v10.4.1 The download file is named: "MacOSXUpdate10.4.2.dmg" Its SHA-1 digest is: 5a11375c29f1f656061189b9467cf9291153de46 If updating from Mac OS X v10.4 The download file is named: "MacOSXUpdateCombo10.4.2.dmg" Its SHA-1 digest is: 5149def0b79f030bdb2763283c376e4d87d085e9 Information will also be posted to the Apple Product Security web site: http://docs.info.apple.com/article.html?artnum=61798 This message is signed with Apple's Product Security PGP key, and details are available at: http://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQEVAwUBQt0uX4HaV5ucd/HdAQJnOQf+JLtyvWFB+Y8sDkiN4VB2MQN2LURiyAUp hGng/+F2JN1Y4AV1gD2eSqIvi4MYuaINiF0lrzGCmANxcX9S8VrHzRy21rrDKGNU 3RTaq1ZDHV4or9+ZznkWzJXEDAeLKprhYqhvpEyKGEQAUAxamXxBGB8Cfne5FDzA qb+JeGO0vV5S/d0XTs4KXzuX06QkNsZ8G01F7hsZ+LeRRqdA08ZQrK0NihDc+l/j QXSprcPqJQmYQciQycyPHLed3XWoXSbVE53NTbfa4ahxqwd9ldJAKyUZwOhW0Y1D vCSUcEnV2RA2+ckuW6cPWxzwxzMhQ7xqTA1DT6VAtVfbrJZ5PICnPw== =9ogg -----END PGP SIGNATURE----- _______________________________________________ Do not post admin requests to the list. They will be ignored. Security-announce mailing list (Security-announce@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/security-announce/site_archiver%40lis... This email sent to site_archiver@lists.apple.com