The 2007 Pwnie Award For Most Over-Hyped Bug
MacBook Wi-Fi Vulnerabilities
David Maynor demostrated exploiting a remote vulnerability in a third party wireless driver for an Apple Macbook in a video shown at BlackHat USA and DefCon 2006 and mentioned that Apple’s built-in wireless drivers also had security problems. Two months later, Apple released security updates to the wireless drivers but without crediting Maynor claiming that he never provided evidence of any vulnerabilities within the Apple-supplied wireless drivers and that the updates were the result of a proactive security audit. Maynor presented at BlackHat DC 2007 in February, showing his e-mails to Apple explaining how to set up an 802.11 fuzzing machine and demonstrating a remote kernel panic triggered over 802.11. In the end, the only public information about Maynor’s Wi-Fi vulnerabilities are hype, denial, a media frenzy, and a patch that may or may not have been based on Maynor’s findings.