Apple Inc. has fixed two AirPort Extreme Base Station flaws attackers could exploit to bypass security restrictions and access sensitive data.
According to the French Security Incident Response Team (FrSIRT), the first problem is a design error within the default configuration that allows incoming IPv6 connections and traffic to the local network, which could expose network services on hosts connected through a vulnerable station.
"This update addresses the issue by changing the default setting to limit inbound IPv6 traffic to the local network," Apple said in its advisory.
The second problem is an error in the AirPort Disk feature that fails to properly validate access requests. "An issue in the AirPort Disk feature allows users on the local network to view file names -- but not their contents -- on a password-protected disk without providing a password," Apple said.
The flaws affect AirPort Extreme Base Station versions prior to 7.1. Upgrading to firmware version 7.1 will correct both problems.
Both issues only affect the AirPort Extreme Base Station with 802.11n, Apple noted.