Apple Security Advisory 2014-04-22-4 - AirPort Base Station Firmware Update 7.7.3 is now available and addresses a security issue. An out-of-bounds read issue existed in the OpenSSL library when handling TLS heartbeat extension packets. An attacker in a privileged network position could obtain information from process memory. This issue was addressed through additional bounds checking. Only AirPort Extreme and AirPort Time Capsule base stations with 802.11ac are affected, and only if they have Back to My Mac or Send Diagnostics enabled. Other AirPort base stations are not impacted by this issue.
bcc954ff6dd3f9af4c693d79f9c6375e2c876b9ed219f2665051d932f95aacd7
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2014-04-22-4 AirPort Base Station Firmware Update 7.7.3

AirPort Base Station Firmware Update 7.7.3 is now available and
addresses the following:

Available for:
AirPort Extreme and AirPort Time Capsule base stations with 802.11ac
Impact: An attacker in a privileged network position may obtain
memory contents
Description: An out-of-bounds read issue existed in the OpenSSL
library when handling TLS heartbeat extension packets. An attacker in
a privileged network position could obtain information from process
memory. This issue was addressed through additional bounds checking.
Only AirPort Extreme and AirPort Time Capsule base stations with
802.11ac are affected, and only if they have Back to My Mac or Send
Diagnostics enabled. Other AirPort base stations are not impacted by
this issue.
CVE-ID
CVE-2014-0160 : Riku, Antti, and Matti of Codenomicon and Neel Mehta
of Google Security

Installation note for Firmware version 7.7.3

Firmware version 7.7.3 is installed on AirPort Extreme or AirPort
Time Capsule base stations with 802.11ac using AirPort Utility for
Mac or iOS.

Use AirPort Utility 6.3.1 or later on OS X, or AirPort Utility 1.3.1
or later on iOS to upgrade to Firmware version 7.7.3.

AirPort Utility for Mac is a free download from
https://www.apple.com/support/downloads/ and AirPort Utility for iOS
is a free download from the App Store.

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - https://gpgtools.org
-----END PGP SIGNATURE-----
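
The advisory attributes the issue to a missing bounds check when handling TLS heartbeat messages. The C example below is added here for illustration and is not Apple's or OpenSSL's code; it shows the length validation RFC 6520 requires before a heartbeat payload is echoed. The helper name `hb_build_response` is hypothetical and the sample buffers are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1   /* heartbeat_request (RFC 6520) */
#define HB_RESPONSE 2   /* heartbeat_response (RFC 6520) */
#define HB_HEADER   3   /* 1-byte type + 2-byte payload_length */
#define HB_MIN_PAD  16  /* minimum padding length (RFC 6520) */

/* Hypothetical helper: echo a heartbeat request held in rec[0..rec_len)
 * into out[]. Returns the response length, or 0 to silently discard. */
size_t hb_build_response(const uint8_t *rec, size_t rec_len,
                         uint8_t *out, size_t out_cap)
{
    /* Must at least hold the header and the minimum padding. */
    if (rec_len < HB_HEADER + HB_MIN_PAD || rec[0] != HB_REQUEST)
        return 0;
    /* payload_length comes from the peer: a claim, not a measurement. */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    /* The bounds check: the claimed payload must fit inside the bytes
     * actually received, after header and padding are accounted for. */
    if (claimed > rec_len - HB_HEADER - HB_MIN_PAD)
        return 0;
    size_t need = HB_HEADER + claimed + HB_MIN_PAD;
    if (need > out_cap)
        return 0;

    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HEADER, rec + HB_HEADER, claimed);
    /* Zero padding keeps the example deterministic; RFC 6520 asks for random. */
    memset(out + HB_HEADER + claimed, 0, HB_MIN_PAD);
    return need;
}

int main(void)
{
    /* Constructed samples: a well-formed request, and one whose
     * payload_length (0x4000) exceeds the 19 bytes actually present. */
    uint8_t ok[23]  = {HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g'};
    uint8_t bad[19] = {HB_REQUEST, 0x40, 0x00};
    uint8_t out[64];
    printf("well-formed: %zu\n", hb_build_response(ok, sizeof ok, out, sizeof out));
    printf("oversized claim: %zu\n", hb_build_response(bad, sizeof bad, out, sizeof out));
    return 0;
}
```

Without the comparison against `rec_len`, the copy length would be taken from the peer-supplied field alone, which is the out-of-bounds read the advisory describes.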