Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Apple Fixes AirPort Base Station, Time Capsule Security Flaws



 By: Brian Prince
2009-03-06
Article Rating:starstarstarstarstar / 1


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Apple issues an update to fix three security issues affecting its AirPort Base Station and Time Capsule products. The most serious of the issues could allow a remote user to cause a denial of service, inject forged packets and observe private network traffic.

Apple plugged three security holes in the latest update of its AirPort Base Station and Time Capsule products, including a serious vulnerability in the implementation of the IPv6 Neighbor Discovery Protocol. 

The aforementioned bug leaves users open to attack via a maliciously crafted message due to improper validation of the origin of Neighbor Discovery messages. According to Apple, a remote user can exploit the situation to cause a denial of service, observe private network traffic or inject forged packets.

Resource Library:

The update resolves the issue by performing additional validation of the messages.

The latest releases, Version 7.4.1, also fix two issues that could be exploited to cause a denial-of-service condition. One is an implementation issue in the handling of incoming ICMPv6 Packet Too Big messages. When IPv6 support is enabled, IPv6 nodes use Internet Control Message Protocol Version 6 (ICMPv6) to report errors encountered while processing packets. Improper handling of ICMPv6 messages can cause the device to shut down unexpectedly, Apple warned.

The final bug is due to an out-of-bounds memory access issue that exists in the handling of Point-to-Point Protocol over Ethernet (PPPoE) discovery packets. An attacker could exploit the vulnerability by sending a maliciously crafted PPPoE discovery packet.

Firmware Version 7.4.1 is installed into Time Capsule or AirPort Base Station with 802.11n via AirPort Utility, provided with the device, according to Apple. AirPort Utility 5.4.1 or later should be installed before upgrading to firmware Version 7.4.1. AirPort Utility 5.4.1 or later may be obtained through the Apple Support Downloads site.






  Reader Comments: Apple Fixes AirPort Base Station, Time Capsule Security Flaws
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Brian Prince
 


x}kw6DىCO-ȖĶ<ڞs I)CR~dvr[/=hɏNnwb["PU( $3W7-gB]snS;sa@ Y>%>{ ()o1mnf]( _hoL|Ax  tjGt0.Rk2 Z575'4o/Nne0S-:Iq>)֐NմH>ڴQ$)q@P.w@~Th \2IMc +#7 ݙx8/DeOd*Fӽ8t0k~BQ50NK <[< #5në |'3jc㥨 aP`\9t} - G&lw&"ScO$ӡNfI%p/0G^C]õ]Z.R͌eCwt=POMҷB($g >v?&R Ig%Ka5?GуN8CEnU[۾twy@nrt˜HJ&ԃ)C(p}=\'BL}:n/EӝÌfؖq[th(V*Z]QKru_):?*{1S wkL(eu7ٺs m%k%m{|Nw9; 7 ;AW@o&1`ZLTQRpf Rc@G'Y_G5}(ĭ~㖯[%MR?4,fϷ 3+i3*,GѠ-[:U!UsY6f0ZiCA+WtW?c;ˠjqsҾy^{7}rһ"uGV}Bg#j`BcYueUo~9c_C燙MXCEC0ʾ~Ff;|i.?uIAұ,m0dN`mY\H!-OT,>Jaf k$LJFo$3NE - uvPy۬)MZ!rƒ u%Ϲu(7hr Q@e)#8?S݇IhJq䨉k>ذ 1"%̟iJyOO XZދ"}Et"Ayi>]Q4{3Bɝ`g@IE !\J!}! g|8S%Ku}7pW-czlNVڒ1Wb{(1eޡ:I5tieO~S%g 5F4 ,heݴ%!g8WoꛛZOVa**r[TQnũl :2X jXR7XaQlA`:g!>QӚ#qRO#Gs>H2胎6mb8-" ,70}Hw@zqI 4 qx٭mE%_¤<  FA=H:}mP`~5$'@ ̀s'08 ɝ5E0ݻ#i`y1&=զA{ Tg ,zu}   @l߃5#閭,L<ħܠ>xx??Ȝ+) -@>HHBt"AђF )4 g #X"K"'GAo$HXVphT6ݞH:s'PT*esRأXB YX/E_R23#CdɬaX91{MfT`"[ᛥBKak`FX,CMۯ!M{:eXyD }= 3ܲM҂%LlQu0iH\UɲMg0s'{<7,kQχ _V̚s=R] kG2iM3ˁ2$vTD>L˄Fr=6:{mQH>08-uys3tNn~|XFhIO3_hy9grGֶ-/ * jJ=WsFA|5 i!sL&Ze on<GyoM'WQV{)5f+b*q (uP\O ō4BЊO}=lYJb-Y~k%fcP쉟KúJj'~d7Bɶ/^[aa6E]QYRKHD@CR)ҵ ҊaY^`(1 "x ӡE~چzCTCSk u > \ReeZȔmm1+Ւ9,Wfn ()r?-j5 /XS:hMI{{Lmϐ‡r N>G) zS7HhЦ0T]2akRhj]Maf(0q |0b=99pJ/]qY8-- 'uaOhI3Wk<'UC8`ڊ:DۃӜh2F ñeH{ӞW+H>LZ`!?ՊRRՄiO5 &^PGe d*m0ܱk}>aD6##BQZ>-B-g \ipbZEZLhKgAqA0*L\y.rV~ 2­qŝa&1 DR)Ö13wdi'GםT'咢TSҐah"pHEAxZkhpL@U.)L-9Iz  [ hg [Qzn3Cz+o `RI?I BL!2Bsݧ}=1g匬`"G lRPZUU+òZp~*0yϹoǼL yN¢ -{h'^+0ZN +J?#2ByQYhw\rR2 S#<~Ɋ0 ClW͵]\CcxV}85 g& R9!GF lɂu!MU~tzVE@ Gz#xؽN HuҚnHiZ\9֊N[SGs?@ťQ gicf MafFž.nJm^RK{m7`7,mCc$ D!S#2!z q[kh0hmf;;pLj %Jk欩x+sJbOW2EYiz|yloC鋨ݹY$'8 MGFi$]k|[P vfȍ w6N1L Ma}VD ϳ1W5 d,fqN0cp&vN{%ס9,3?tR:kt?y{z&[wtvX uL/RB71PUL xg4sgDcC6VNM&OWm"z'"#NS"K8ߋIUfS΁ۧMOT%0=@"TAұg.@C׳@.l̼QXCGTUeH5eJ3k% =EZЋvcSLJ΋]/$,RIv+Ձ΀LdV֪EzXz,)uzh&RrEE7uȋ­7:P$#I P*~JeP'Iվi1RʵRM()Co^DD\%/:&he~6%Kf?ͅZ5?g DsBx`fKܥ@vGܖ[J,]^@ Ba Q{lrK{]wֺXC8'̕KIl/kK{@utS6neUuZ]J_D'svL؞EA('d:)dnQ==׵![^H &|ݙCadJH5 ]Uj;_ 1s4G\0BR1|B$r UN7._VZiva ^`| @`'d1s<ēo =$Ԅ7xtLaV*S7oA!Rē#+cI`UI`w0kR6M1O{?L ПBQ`о(&ю0pmɪO@T #NEw%]n)ilw1NZݳxDŽst'_Awq@DyitaKKxiïRX-u[;lb4 LAIP 4p?$Y#O2nw/>JW6zv9D72DH#U9 su{!d};]x{ёҽN zփ w"YKrBVëX!aPHR ~tDۿR!G[yQb}b%h4eW:Bzc'?<'|x1 Ӣ_,wuϏ5m_f}GQ'-gFq?Iȸ:Gw*b9,_Aݾpne9r0jw{t=z;jw]!3LرDݘ~zNh53 \cALuvp߁؉H*Er+QD=%7,;O5L`]EE<.%-;-QL# Hlй"σSP+}Ƃ>#>n2'|2J$h﬉~QkE Vzwng},da}?H+Fyc(OKSiϑ٘&BERTUjln$+*sᔤvȌWNH&Xd1Ws0d&'i=K}#uo=إ 'ֻ%V2OJ7c#ZT>=b:q >`2mS:dR:s}MKO][_bH?4O\t65'C86h|mB{:a'sDW܍PKeM)@ѝӭ@9g!OJ49Af?ӷ,)>vg#=w`ѹbВ-ϻW+)EU cQLٻVe{rh haŏD^N|2k6d(΁[,3F#]Ec鴓FكI턿(r&-GtuteĬ {/ # &1.#spkg:&R%60vc>V]j1!ՏΉvR[%tI'+%qKMmakfr1K2UCޮ8ăWjRgD0CY%dqJ5{<ڋWd)9<_s:.IݮbYxlh0C C(Ⱥ &.z$ɝXLy0iDkJ}/Ec*X`b jc2pQ#cw}>1?RxTi>憌j@[:vgޜ_:iLʔ]8&^>AmDԏ 0 H'` 9XT\ҧE 腦1 Dd3|fw>wXLxP""٣#X_2gK4UmC5WH6 >LŒKWsv=Ë z/Ru@RKjh\Qwꀴ2!Uf(22B@% 3rJՒ+kx> 8ALd9pvYp€'\}%T BB5_`37G}~sg~sg~sg~sg~ZVݙ&"Ay{ ht[.n[&/.C6 .@bׅ⥙)HCB8EHg EDqon[K{=N!iФ=tlui1Ohwk"zQͯ 8=6zK{7c]b?˱ q]jy`)&5 ={{ڢaa8srox67K<:p̪aWTk|%#1~j95חP{L7`bHݾ ,ԥօ09^[ D@$ DiA4?P%_{p<Ǯm0Dד*,޼?u;t4x4z{H%6-PăǾI[ew񭕼@̨Ůa}z8yQj^(9Gtz9rBsgo G4۹^C۝ZA$rnIX)rφw5eMO\ǔs \5p_UbB/rWoi3"#^v+8EB>vjcm o3"{A۴Vx7iS7`Wul:9/T5y0m}m-6bV VKi畲Y -_ߩm.`G6ꇠd+Ь%5VfX5*j%M"q0M٫+⌉faeOj%s\H5T"[H"K)^&]ݽ]"|Ms-EM~+JʑO}KQaɒZhOפf>C$&p6P]}z Ucb^`baLDgl{#QӸl`™1tq*o(2T7=X67M ~VxrvU99 9XQYH鎸:-AҘX?_Kf?я?A* nO2 uRwfSte f0}PCu&nB[y鏩~T#? KL)PG%~'`<u'<~'$&Ȣ#>ybuuLɤQ? (p 0g{7@=s 9.O5aauמSN|l: ujj}ۏo-z~Et G2(kX5XmÈL2C[Ć+TWc#kx|_GDyw8i.C-NeosŏƮ"Jfad7&}$ƽ lE߽gLh긾MmMl@jQh&flZO'p.4XDJPa{qK&5@FpxIgzR0jsh*b4KB-'*5}L1zP쫫%` Zk^gYJ+Șz~j=! cETAN^es{ɧj*,P iTx-oA=ߠ{QŠx!y<fB׵'ao!vSK[7ϕ5S]<_q=%o77G'թJM[lݹ]{rCjLyYE8ee߼(QG2C`m4,\ =BπTa>A4`}*hZ%24 ^UߡVR*jZ?";М|Wyj]SjZYIeEF}vLJ\i &Y1v,T_^pY$Xk:Vga^N0wRʥz5yGG2](Ra ):fx)9LkG *&|{8oa>9(-`̷UKphY\-vҘqJE \7&Dm#i!'[,Yl6w,Mgvb"mkmnAjT["}Fsg7gb^o9g0c0,9+ xfVVTm}qV.R)q<>SKЁH5,?^J)}#Qi^_fFܞUk*q ,?y`,AijJǛh-;Q3a.p2zWR=U'=&hxiـjEl~%:td›36ɝ>=&&s?wg\NL!_ _߰,VIm{d72[ $}H?Z,DWc `xCI$!f=#Yg0\^ #Q_[{~:}GLw#;} S* DKS3y9asH ](vwFnȯze1uaӡu?䏃 OCcP9$#ETϷFsE_WJƈ^䰟aD9p=S-1ȘhD MQ VHxL~3&'N;%"&Lmahn.›حk%xL1f↿a9=g3bw#kĆRǠ{I=r^21Faŷ~$l;b21cbHc H"1XJe.J'eEt0 7 c!L)%nmn$|s ^6CXh8uXg- .E.[a8; Sܕk=6ͬS6zy 6t(QS=1U&FǮ+nN YrPh$`x=9~imta~X{SdO (  @Ka1c~Po֔J$2 >*%>gٕa)걪VR/? 0;Ue =M镬B*]S^Șq;ZGL€،\Sݹ>bgrһ"-rrUr]Y4a[+ |폺Uwzǽ'݋UbPhX>|i-?Aƛx[jy5s·x-M/ǭ}hj4}67a\nq4ħYx@zB32yT}n ,(%W(5 ʯ֗S[9=(#֗NN1/?#cN?~OOiw}y]hv9пnN?ӽ)wsKS?/?g9ak99?σ=ϡ9<>y9yyß(9_\CuN) S~909{s#?0~9׃r?=/r qP2U~}o@?֗_P~W]w Ρ   M:Iʙ#gK\8JW ͣ~TA_կ<$|sYU~vïUX^йZ*4ϑ*sҿ2~62A^u CFWz^S_yڙ閽pLڭe]9hwp_l(%^a/TZE/drxV=_bMedG,D<mJ5BfaO@Mb>;su:^>vCg>k'[ *8y:S w}Y&@Y8'}(hع+jzGrt5pÅzO@$ߙ܂C$ R#ZִZjVU iQ`#"2t>eު*R'Ӏe`_)&KyG l]{̾ZCO3CX)ḇ̺nk %<' !ޫXڼx`TS;i@9$L,(sY\FdlO\B/#Vyx;y1l&]\ʠaC7a,%sv[F8 c| E3F<>|#纗N .LESzq ;38,_bY\TY?q˭d<@T6߱ 9BInP_.˃a-C`b̜G.޵" 8luy9M"Rɖ T`a\m8ӎI8q0WTxg4Ɲҵ0{98𰙄i׌/Ûi3E Ar_>t j1M55~/#P<IfF┷FČ$3[e6L6FWDnr[O6 G<'n ug+6a`类nǝZ قTœj@@zĶ/n`B~nΩ'˶J}v`&GS EZg%^#%&a"c'x M?X`k+/F{{P΢d>x*$""H "s{F|%Ԅ'므Pn2!%؉GGuhJ u0 ł$|boEod!j[MA%c7uȮ%\76K>%Ͷs10cT =`DcБ2 VSX^ Ղ]#rF3 1#qy孥 YT8'Ҧwv=鱽$(\d~\g;Tj[e2B`+/2^;'H2Gd!᳤c9*?{3cwo'bO_s7eQ&PL®c)vȥIG[=$sDJrE)ߠ(b/<%0K`{ ,CP6L`>Ncc? `vwb9c˖; Mm+#8.(r Ul2- kc'p5 Mخ;Oq^gd9f7 ҵ91$+nvGT 7>5'ك|2h}́!Xs#Q%7` |[3_d%\"d @WD0;"6Yc.KE&(Xp\gAΙَS;>Ba2\HxZ x9O`^ۺ+AѾx'na|d[t%K^FzH§%C>KrX}mrcd+xf:PBEXMfFH׬X (K# LIN 8u vKѪ N7"`a^o1n,$9&@ R/%h2bo _ ($3]":xqeQVt*N`X;EkP.I{Tk꛺UF}BeFBl4.$7Y*Fnң/z.RHђڝ,!wj/e=;`ons g>p7*Ѡ,jU z' l5mEgl3W'J^R۝z"f/ROa6%s|N1VKi+^~)MC39U2k +q>lgLp -ϱeRZ`l/Z6w[|pm)