AirPort Update to Fend Off Heartbleed

Wednesday, April 23, 2014 @ 06:04 PM gHale


Apple is recommending users of its AirPort wireless products patch their kit with a new firmware update designed to fix security issues related to Secure Sockets Layer (SSL), to address the Heartbleed security flaw.

Apple posted a notice to its support website detailing the AirPort Base Station Firmware Update 7.7.3. Apple said the update should apply to all AirPort Extreme and AirPort Time Capsule base stations supporting 802.11ac, but said other AirPort base stations do not require it.

RELATED STORIES
Attacker Grabs Heartbleed VPN Sessions
Heartbleed Cuts Tor Capacity
Heartbleed Solution: All in a Honeypot
VMWare Issues Initial Heartbleed Fix

Apple said the update “provides security improvements related to SSL/TLS.” It does not explicitly mention the Heartbleed bug, but Heartbleed was in the OpenSSL implementation of the SSL protocol.

The company also advised owners of the AirPort Extreme and AirPort Time Capsule products with 802.11ac they may need to re-enable the Back to My Mac remote access service on their equipment after applying the update, if they use this service.

Back to My Mac enables users to remotely access files on their Mac or to remotely control it using screen sharing, akin to services such as GoToMyPC or LogMeIn.

The Heartbleed bug potentially allows an attacker to steal data from the memory of a device or system running the flawed OpenSSL software and compromise the encryption protecting communications between it and other devices.

The OpenSSL implementation of the protocol see use in many routers and operating systems, including the Android smartphone platform.



Leave a Reply

You must be logged in to post a comment.