Apple fixes flaws in AirPort Extreme Base Station

Bill Brenner
Apple Inc. has fixed two AirPort Extreme Base Station flaws attackers could exploit to bypass security restrictions and access sensitive data.

According to the French Security

    Requires Free Membership to View

Incident Response Team (FrSIRT), the first problem is a design error within the default configuration that allows incoming IPv6 connections and traffic to the local network, which could expose network services on hosts connected through a vulnerable station.

"This update addresses the issue by changing the default setting to limit inbound IPv6 traffic to the local network," Apple said in its advisory.

The second problem is an error in the AirPort Disk feature that fails to properly validate access requests. "An issue in the AirPort Disk feature allows users on the local network to view file names -- but not their contents -- on a password-protected disk without providing a password," Apple said.

The flaws affect AirPort Extreme Base Station versions prior to 7.1. Upgrading to firmware version 7.1 will correct the problem.

Both issues only affect the AirPort Extreme Base Station with 802.11n, Apple noted.

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: