Apple has released a bug fix patch for its 2013 AirPort Extreme and Time Capsule, fixing the OpenSSL ‘Heartbleed’ vulnerability. The update does not apply to the AirPort Express.
Firmware update 7.7.3 is recommended for all AirPort Extreme and AirPort Time Capsule base stations with 802.11ac. It provides security improvements related to SSL/TLS. Other AirPort base stations do not require this firmware update.
Amusingly, when Heartbleed made headlines earlier this month, Apple said that no key software or services were affected. They conveniently forgot to mention that their latest router hardware was susceptible to the flaw.
FTC: We use income earning auto affiliate links. More.
You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel
“amusingly”? Not so much.
Um, AirPort is not software per-say nor is it a service. Software means iOS and OS X and service means Apple website and iCloud. They never said anything about firmware in hardware products. This problem probably has to do more with 802.11ac than actual Apple software.
Or maybe Apple just didn’t want to announce to the world that they were vunurable while they found a fix. Seems like they did everyone with one a solid.
This is pretty heartbreaking to be honest (pun, but really).
According to the security update page for this update (http://support.apple.com/kb/HT6203), it only affects users who have “Back to My Mac or Send Diagnostics enabled.”
I’m actually an owner of the 802.11ac Airport Extreme, AND in my effort to help improve Apple products I do send diagnostics from my Extreme. I’m really glad it’s been patched, and it’s obviously not intentional, but I’m pretty surprised about this to be honest. The security of their Airport routers should be absolutely paramount.
It’s important to note that prior to the most recent 802.11ac Airports, they have never had the capability to send diagnostics. It’s purely a feature in the latest generation.
I’m guessing (and hoping) the reason this patch took so long is because they likely haven’t just updated whatever variant of OpenSSL they were using, and actually implemented their own TLS solution, and that the bug would have been difficult to discover/exploit anyway.. but this took too long, and is too damn important.
First Gen Time Capsules can also be a real pain as they over heat and blow their capacitors. Good news is it’s easy to fix though. Fixed mine for little money. Recommend time capsule fix at http://timecapsulefix.com