Date: Wednesday, May 25th, 2016, 08:11
Category: News, security, Software
It’s been a while since Apple released one of these.
On Wednesday, Apple released its AirPort Base Station Firmware Update 7.7.7 for its 802.11ac AirPort Extreme Base Station and Time Capsule units.
The update resolves the following security issues with the devices:
Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac
Impact: An attacker in a privileged network position may obtain memory contents
Description: An out-of-bounds read issue existed in the OpenSSL library when handling TLS heartbeat extension packets. An attacker in a privileged network position could obtain information from process memory. This issue was addressed through additional bounds checking. Only AirPort Extreme and AirPort Time Capsule base stations with 802.11ac are affected, and only if they have Back to My Mac or Send Diagnostics enabled. Other AirPort base stations are not impacted by this issue.
CVE-2014-0160 : Riku, Antti, and Matti of Codenomicon and Neel Mehta of Google Security
The firmware requires AirPort Utility 6.3.1 or later on OS X or AirPort Utility 1.3.1 or later on iOS to perform the upgrade.
If you’ve tried the new firmware and have any feedback to offer, please let us know in the comments.