Wi-Fi Component Flaw Exposes Windows, Linux, OS X Systems

Researchers have identified a vulnerability in wpa_supplicant, the popular Wi-Fi Protected Access (WPA) supplicant for Linux, BSD, Mac OS X, Windows, and various other operating systems.

Developed and maintained by Jouni Malinen and others, wpa_supplicant works on both PCs and embedded systems. The software is designed to run in the background and control the connection.

According to an advisory published on Wednesday by Malinen, the supplicant is plagued by a security bug (CVE-2015-1863) that can lead to unexpected program behavior, exposure of memory contents, denial-of-service (DoS), and possibly even arbitrary code execution.

“A vulnerability was found in how wpa_supplicant uses SSID information parsed from management frames that create or update P2P peer entries (e.g., Probe Response frame or number of P2P Public Action frames),” the expert explained.

Read more from the [source] http://www.securityweek.com/wi-fi-component-flaw-exposes-windows-linux-os-x-systems