Apple releases AirPort Base Station update with security fixes
Apple on Thursday issued an AirPort Base Station firmware update to close a handful of security holes related to remote hacks, memory leaks and user data deletion.
Apple's AirPort Base Station Firmware Update 7.9.1 includes fixes for eight identified bugs impacting AirPort Extreme and AirPort Time Capsule base station hardware with 802.11ac connectivity.
Among the resolved security issues is a bug that allowed a remote attacker to leak memory through an errant out-of-bounds read capability.
Three denial of service issues were addressed in the patch, two of which could be triggered remotely through faulty code. The third involved a similar denial of service attack carried out by a bad actor in a privileged position. The problems were resolved through improved input validation and memory handling.
A null pointer dereference and a "use after free" issue were cited in a remote attack that could enabled a hacker to run code on a targeted device, while a separate issue allowed source-routed IPv4 packets to be unexpectedly accepted.
Finally, the update addresses an issue that left some some user information on a base station after performing a factory reset.
AirPort updates have been few and far between since Apple officially discontinued the line of branded wireless routers in 2018. The company last pushed out new software in 2017 to deal with the "KRACK Attack" vulnerability.
Apple's AirPort update can be performed through the AirPort Utility on Mac or iOS.