BSD Kernel Stack Overflow
An integer overflow in the handling of corrupt IEEE 802.11 beacon or
probe response frames when scanning for existing wireless networks can
result in the frame overflowing a buffer.
From the FreeBSD Advisory. Researcher advisory is at Signedness.org. No word yet on if Macs are vulnerable. I think Richard at TaoSecurity sums it up well:
That’s cool. Insert wireless NIC, be 0wn3d. I’m glad I heard about this prior to Black Hat Federal next week.