Apple releases AirPort Base Station security fixes
This week, Apple released an AirPort Base Station firmware update to close a series of security holes related to remote hacks, memory leaks and user data deletion.
Apple’s AirPort Base Station Firmware Update 7.9.1 includes fixes for eight identified bugs affecting AirPort Extreme and AirPort Time Capsule base station hardware with 802.11ac connectivity.
Among security fixes is a bug that allowed one remote attacker to ‘leak’ memory through an errant out-of-bounds read capability.
Three DoS issues were also addressed in the security fix, two of which could be triggered remotely through faulty code. The third security patch involved a DoS attack carried out by a bad actor in a privileged position. The problems were fixed through improved input validation and memory handling.
A null pointer dereference to access the data stored at that memory location and a ‘use after free’ issue were cited by Apple in one remote attack, and which could have enabled a hacker to run code on a targeted device.
A separate issue also allowed source-routed IPv4 packets to be unexpectedly accepted.
AirPort Base Station security fixes
A further security patch resolved an issue that meant user information was left on the base station after performing a factory reset.
Apple AirPort updates have been rare since the company officially discontinued their line of wireless routers back in 2018. The company last issued software updates in 2017 to deal with the ‘KRACK Attack’ vulnerability.
For users, Apple’s AirPort update can simply be performed through the AirPort Utility on Mac or iOS.
Apple has seen a few security issues over the last few years, with its apps and iPhones being hacked to distribute pirated apps and games.