Feeds

Apple stabs Heartbleed bug in AirPort Extreme, Time Capsule gear

Don't worry, everything else is still safe ... we think

Secure remote control for conventional and virtual desktops

Apple has posted a security update to address instances of the Heartbleed security vulnerability in its AirPort router and file back-up gadgets.

The company said that a firmware update for the AirPort Extreme and AirPort Time Capsule home network appliances would address the infamous CVE-2014-0160 OpenSSL security vulnerability, better known by the nickname Heartbleed.

The flaw, in which an attacker can extract in-memory data from a targeted server, has sent shockwaves through the security community for both its severity and prevalence. Some experts believe that fully resolving the flaw will take months.

In Apple's case, the vulnerability lies in OpenSSL library used by the AirPort Extreme and AirPort Time Capsule 802.11ac models. An attacker who gains network access privileges could potentially use the flaw to gain access to data from the Back to My Mac remote access tool or the Send Diagnostics tool. Older versions of AirPort and Time Capsule are not subject to the flaw.

Users are being advised to install the AirPort Base Station Firmware Update 7.7.3 as soon as possible. The update can be obtained through the AirPort Utility management tool.

OS X and iOS users are otherwise protected from Heartbleed, as Apple's operating systems use an implementation of SSL/TLS which does not rely on the vulnerable components of OpenSSL.

That does not mean that Apple fanbois are immune from other SSL flaws, however. The company was the subject of the potentially serious "goto fail" flaw earlier this year and Apple just patched a separate "triple handshake" security issue for both iOS and OS X. ®

Remote control for virtualized desktops

Whitepapers

Go beyond APM with real-time IT operations analytics
How IT operations teams can harness the wealth of wire data already flowing through their environment for real-time operational intelligence.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.