Apple stabs Heartbleed bug in AirPort Extreme, Time Capsule gear
Don't worry, everything else is still safe ... we think
Apple has posted a security update to address instances of the Heartbleed security vulnerability in its AirPort router and file back-up gadgets.
The company said that a firmware update for the AirPort Extreme and AirPort Time Capsule home network appliances would address the infamous CVE-2014-0160 OpenSSL security vulnerability, better known by the nickname Heartbleed.
The flaw, in which an attacker can extract in-memory data from a targeted server, has sent shockwaves through the security community for both its severity and prevalence. Some experts believe that fully resolving the flaw will take months.
In Apple's case, the vulnerability lies in OpenSSL library used by the AirPort Extreme and AirPort Time Capsule 802.11ac models. An attacker who gains network access privileges could potentially use the flaw to gain access to data from the Back to My Mac remote access tool or the Send Diagnostics tool. Older versions of AirPort and Time Capsule are not subject to the flaw.
Users are being advised to install the AirPort Base Station Firmware Update 7.7.3 as soon as possible. The update can be obtained through the AirPort Utility management tool.
OS X and iOS users are otherwise protected from Heartbleed, as Apple's operating systems use an implementation of SSL/TLS which does not rely on the vulnerable components of OpenSSL.
That does not mean that Apple fanbois are immune from other SSL flaws, however. The company was the subject of the potentially serious "goto fail" flaw earlier this year and Apple just patched a separate "triple handshake" security issue for both iOS and OS X. ®