Two researchers will demonstrate a driver exploit today at Black Hat 2006. This exploit was made public in general terms last month, but the actual public showing will be today. The researchers have found sufficient flaws in Wi-Fi drivers on the Apple MacBook (which they're using in the demo to tweak Mac users) and Windows XP (including signed drivers) to take over a computer. Their session won't show the live exploit because they're concerned about revealing the secret sauce to a community that knows all about sniffing Wi-Fi packets; rather, they'll show a video. (Update: The video is now available at Security Fix. It seems credible, but there's not enough detail to be sure. See the Intel update at the end of this post for more on credibility.)
The exploits don't require that a Wi-Fi adapter be actively seeking a network or connected to one. It need merely be turned on. (You can turn off Wi-Fi adapters on all laptops that feature the technology built in. I'm not sure if it's an FCC requirement, but it's certainly worthwhile from a battery-life perspective.)
Brian Krebs of The Washington Post's Security Fix notes that the number of different parties involved in making a Wi-Fi adapter work is part of the issue here, as is the rush to get new, working technology out the door. Wi-Fi is a particular vector because it can be poked at remotely. There may be weaknesses in many hardware drivers, but most of those require physical access to the machine to exploit.
The researchers are apparently withholding details of the exploit, which has not been seen in the wild, and have provided details to computer and operating system makers.
Intel Centrino adapters already have updated drivers that ostensibly fix two forms of this problem: one for the original 2100 adapter, and one for the later 2200BG and 2915ABG adapters. The 2100 has a "malformed frame privilege escalation" patch, while the later units can be protected against "malformed remote code execution."