Feeds

Apple stabs Heartbleed bug in AirPort Extreme, Time Capsule gear

Don't worry, everything else is still safe ... we think

The Essential Guide to IT Transformation

Apple has posted a security update to address instances of the Heartbleed security vulnerability in its AirPort router and file back-up gadgets.

The company said that a firmware update for the AirPort Extreme and AirPort Time Capsule home network appliances would address the infamous CVE-2014-0160 OpenSSL security vulnerability, better known by the nickname Heartbleed.

The flaw, in which an attacker can extract in-memory data from a targeted server, has sent shockwaves through the security community for both its severity and prevalence. Some experts believe that fully resolving the flaw will take months.

In Apple's case, the vulnerability lies in OpenSSL library used by the AirPort Extreme and AirPort Time Capsule 802.11ac models. An attacker who gains network access privileges could potentially use the flaw to gain access to data from the Back to My Mac remote access tool or the Send Diagnostics tool. Older versions of AirPort and Time Capsule are not subject to the flaw.

Users are being advised to install the AirPort Base Station Firmware Update 7.7.3 as soon as possible. The update can be obtained through the AirPort Utility management tool.

OS X and iOS users are otherwise protected from Heartbleed, as Apple's operating systems use an implementation of SSL/TLS which does not rely on the vulnerable components of OpenSSL.

That does not mean that Apple fanbois are immune from other SSL flaws, however. The company was the subject of the potentially serious "goto fail" flaw earlier this year and Apple just patched a separate "triple handshake" security issue for both iOS and OS X. ®

Build a business case: developing custom apps

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
'Things' on the Internet-of-things have 25 vulnerabilities apiece
Leaking sprinklers, overheated thermostats and picked locks all online
iWallet: No BONKING PLEASE, we're Apple
BLE-ding iPhones, not NFC bonkers, will drive trend - marketeers
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
Tor attack nodes RIPPED MASKS off users for 6 MONTHS
Traffic confirmation attack bared users' privates - but to whom?
Multipath TCP speeds up the internet so much that security breaks
Black Hat research says proposed protocol will bork network probes, flummox firewalls
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.