Feeds

Apple stabs Heartbleed bug in AirPort Extreme, Time Capsule gear

Don't worry, everything else is still safe ... we think

Website security in corporate America

Apple has posted a security update to address instances of the Heartbleed security vulnerability in its AirPort router and file back-up gadgets.

The company said that a firmware update for the AirPort Extreme and AirPort Time Capsule home network appliances would address the infamous CVE-2014-0160 OpenSSL security vulnerability, better known by the nickname Heartbleed.

The flaw, in which an attacker can extract in-memory data from a targeted server, has sent shockwaves through the security community for both its severity and prevalence. Some experts believe that fully resolving the flaw will take months.

In Apple's case, the vulnerability lies in OpenSSL library used by the AirPort Extreme and AirPort Time Capsule 802.11ac models. An attacker who gains network access privileges could potentially use the flaw to gain access to data from the Back to My Mac remote access tool or the Send Diagnostics tool. Older versions of AirPort and Time Capsule are not subject to the flaw.

Users are being advised to install the AirPort Base Station Firmware Update 7.7.3 as soon as possible. The update can be obtained through the AirPort Utility management tool.

OS X and iOS users are otherwise protected from Heartbleed, as Apple's operating systems use an implementation of SSL/TLS which does not rely on the vulnerable components of OpenSSL.

That does not mean that Apple fanbois are immune from other SSL flaws, however. The company was the subject of the potentially serious "goto fail" flaw earlier this year and Apple just patched a separate "triple handshake" security issue for both iOS and OS X. ®

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Critical Adobe Reader and Acrobat patches FINALLY make it out
Eight vulns healed, including XSS and DoS paths
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Blood-crazed Microsoft axes Trustworthy Computing Group
Security be not a dirty word, me Satya. But crevice, bigod...
Snowden, Dotcom, throw bombs into NZ election campaign
Claim of tapped undersea cable refuted by Kiwi PM as Kim claims extradition plot
Freenode IRC users told to change passwords after securo-breach
Miscreants probably got in, you guys know the drill by now
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.