Apple today released AirPort Extreme and AirPort Time Capsule Firmware Update 7.7.3 for AirPorts with 802.11ac. The update includes security improvements related to SSL/TLS.
AirPort Base Station Firmware Update 7.7.3
Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11acImpact: An attacker in a privileged network position may obtain memory contents
Description: An out-of-bounds read issue existed in the OpenSSL library when handling TLS heartbeat extension packets. An attacker in a privileged network position could obtain information from process memory. This issue was addressed through additional bounds checking. Only AirPort Extreme and AirPort Time Capsule base stations with 802.11ac are affected, and only if they have Back to My Mac or Send Diagnostics enabled. Other AirPort base stations are not impacted by this issue.
Earlier this month, an OpenSSL bug known as Heartbleed made headlines, with Apple releasing a statement noting that iOS, OS X, and its "key web services" were unaffected by the security flaw, but it appears that the company's AirPort Extreme and AirPort Time Capsule were vulnerable.
The 7.7.3 update is recommended for all models of the AirPort Extreme and Time Capsule that support 802.11ac Wi-Fi, other AirPort base stations do not need to be updated.
Top Rated Comments
Hmm airport express not affected?
Let me let you answer that. Does the AirPort Express use 802.11ac? No. Do you even read the article?No, seriously, I wonder how many other routers out there are vulnerable to this and yet will never receive firmware updates because they are too difficult to install, unlike Airport routers?
I wonder if this vulnerability is unique to Airport routers because of the Back to the Mac feature that requires user credentials to stored in order to operate correctly?
This is something I was also wondering, I just checked and their does not seem to be any updates for them. Hopefully they are not affected.
Did you read the article?Only AirPort Extreme and AirPort Time Capsule base stations with 802.11ac are affected, and only if they have Back to My Mac or Send Diagnostics enabled. Other AirPort base stations are not impacted by this issue.
well what do you expect ?
more than a week to figure out that a product is linked with a faulty lib !!
Perhaps they don't read news :p
Good job Apple
Step 1, Find the bug.
Step 2, Fix the bug.
Step 3, Test the fix.
Step 4, Test the fix.
Step 5, Test the fix.
Step 6, Test the fix.
Step 7, Release the fix.
No. It's the SSL bug, which has nothing to do with AC vs N.
There's a good chance the firmware for 802.11n routers was never updated to use OpenSSL 1.0.1, which is where the "Heartbleed" bug was introduced. OpenSSL 0.98 and 1.0.0 were actively maintained in separate branches and had security patches back-ported. As long as the older routers didn't need the new features introduced in 1.0.1, it would be silly to upgrade the firmware just to upgrade.
There is nothing to test, because it has been tested ad nauseum by thousands of people worldwide.
You don't do software development do you. Firmware is especially fragile because if it doesn't work, you could have all your customers lined out the front of your store with bricked Airports.