AirPort owners: Apple's patched a mystery vuln
We'll tell you what was wrong once it's no longer news
Apple has run out a security update for its AirPort routers, to fix a nine-month-old DNS parsing vulnerability.
The firmware upgrade is here, and covers 802.11n AirPort Express, Extreme and Time Capsule base stations; and 802.11ac AirPort Extreme and Time Capsule versions.
The Apple advisory states only that “A remote attacker may be able to cause arbitrary code execution”, because of a memory corruption issue in DNS parsing.
With only that sparse information – and an acknowledgement to Alexandre Helie for discovering the bug – there's not much certainty about the nature of the vulnerability.
Over at Sophos' Naked Security, Paul Ducklin speculates that since it's described as remotely exploitable, the bug must make it easier to get an AirPort to accept fake DNS responses.
That would let an attacker capture requests from vulnerable devices, and redirect users to imposter sites.
According to Canadian outlet TVA Nouvelles (in French here), Alexandre Helie is a young Quebec hacker who Apple hired in January after he alerted Cupertino to security vulnerabilities.
TVA Nouvelles didn't know, in January, the nature of the bug that won Helie his job; that now seems to be clear. ®