Apple issues Heartbleed bug fix for AirPort base stations
Firmware update repairs vulnerability in two AirPort base station models related to a major flaw in OpenSSL.
Apple released a firmware update Tuesday to address a vulnerability related to the Heartbleed bug found in its most recent AirPort Extreme and AirPort Time Capsule base stations.
The update, dubbed AirPort Base Station Firmware Update 7.7.3, repairs a vulnerability in the OpenSSL library that could allow an attacker to initiate a man-in-the-middle attack to intercept data, Apple said in a statement Tuesday. The only AirPort base stations affected by the bug are the AirPort Extreme and AirPort Time Capsule base stations with 802.11ac with Back to My Mac or Send Diagnostics enabled.
Used to keep prying eyes out of online communications, SSL, or Secure Sockets Layer, is one of the most basic forms of encrypting Internet traffic. A major vulnerability in open-source software called OpenSSL revealed earlier this month could expose the contents of a server's memory, which includes private data such as usernames, passwords, and credit card numbers.
While the bug's revelation immediately sent sites and services across the Internet into patch mode, Apple said its Web site was in the clear and that it never used the vulnerable software in its desktop and mobile operating systems.
Apple's routers aren't the only networking gear found to be affected by the bug. Cisco Systems and Juniper Networks issued advisories earlier this month that several of their networking products were vulnerable to the flaw.