Home / mailingsPDF  

APPLE-SA-2014-04-22-4 AirPort Base Station Firmware Update 7.7.3

Posted on 22 April 2014
Apple Security-announce

--===============1392752090==
Content-type: multipart/signed;
boundary="Apple-Mail=_7FE0F5C3-DB71-4252-9886-00C6B64D133A";
protocol="application/pgp-signature"; micalg=pgp-sha1


--Apple-Mail=_7FE0F5C3-DB71-4252-9886-00C6B64D133A
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
charset=us-ascii

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2014-04-22-4 AirPort Base Station Firmware Update 7.7.3

AirPort Base Station Firmware Update 7.7.3 is now available and
addresses the following:

Available for:
AirPort Extreme and AirPort Time Capsule base stations with 802.11ac
Impact: An attacker in a privileged network position may obtain
memory contents
Description: An out-of-bounds read issue existed in the OpenSSL
library when handling TLS heartbeat extension packets. An attacker in
a privileged network position could obtain information from process
memory. This issue was addressed through additional bounds checking.
Only AirPort Extreme and AirPort Time Capsule base stations with
802.11ac are affected, and only if they have Back to My Mac or Send
Diagnostics enabled. Other AirPort base stations are not impacted by
this issue.
CVE-ID
CVE-2014-0160 : Riku, Antti, and Matti of Codenomicon and Neel Mehta
of Google Security


Installation note for Firmware version 7.7.3

Firmware version 7.7.3 is installed on AirPort Extreme or AirPort
Time Capsule base stations with 802.11ac using AirPort Utility for
Mac or iOS.

Use AirPort Utility 6.3.1 or later on OS X, or AirPort Utility 1.3.1
or later on iOS to upgrade to Firmware version 7.7.3.

AirPort Utility for Mac is a free download from
http://www.apple.com/support/downloads/ and AirPort Utility for iOS
is a free download from the App Store.

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

 

TOP

Mailings :

Exploits :