Screen Shot 2014-04-22 at 22.17.34

Apple has released a bug fix patch for its 2013 AirPort Extreme and Time Capsule, fixing the OpenSSL ‘Heartbleed’ vulnerability. The update does not apply to the AirPort Express.

Firmware update 7.7.3 is recommended for all AirPort Extreme and AirPort Time Capsule base stations with 802.11ac. It provides security improvements related to SSL/TLS. Other AirPort base stations do not require this firmware update.

Amusingly, when Heartbleed made headlines earlier this month, Apple said that no key software or services were affected. They conveniently forgot to mention that their latest router hardware was susceptible to the flaw.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

5 Responses to “Apple releases Heartbleed bug fix for 2013 AirPort Extreme and Time Capsule”

  1. sardonick says:

    “amusingly”? Not so much.

    Like

  2. Jassi Sikand says:

    Um, AirPort is not software per-say nor is it a service. Software means iOS and OS X and service means Apple website and iCloud. They never said anything about firmware in hardware products. This problem probably has to do more with 802.11ac than actual Apple software.

    Like

  3. scumbolt2014 says:

    Or maybe Apple just didn’t want to announce to the world that they were vunurable while they found a fix. Seems like they did everyone with one a solid.

    Like

  4. ashtraywasp says:

    This is pretty heartbreaking to be honest (pun, but really).

    According to the security update page for this update (http://support.apple.com/kb/HT6203), it only affects users who have “Back to My Mac or Send Diagnostics enabled.”

    I’m actually an owner of the 802.11ac Airport Extreme, AND in my effort to help improve Apple products I do send diagnostics from my Extreme. I’m really glad it’s been patched, and it’s obviously not intentional, but I’m pretty surprised about this to be honest. The security of their Airport routers should be absolutely paramount.

    It’s important to note that prior to the most recent 802.11ac Airports, they have never had the capability to send diagnostics. It’s purely a feature in the latest generation.

    I’m guessing (and hoping) the reason this patch took so long is because they likely haven’t just updated whatever variant of OpenSSL they were using, and actually implemented their own TLS solution, and that the bug would have been difficult to discover/exploit anyway.. but this took too long, and is too damn important.

    Like