[Update: Apple’s release notes detail that these updates include fixes for the KRACK and Broadpwn vulnerabilities.]

Apple has today released firmware updates for its AirPort devices, including the AirPort Time Capsule, AirPort Extreme, and AirPort Express.

AirPods

The 7.6.9 update is for 801.11n base stations and the 7.7.9 update is for 802.11ac models. These updates provide important security patches for the KRACK and Broadpwn exploits.

Users may not see any prompt for the firmware upgrade, but can manually do so by opening AirPort Utility on Mac or iOS. Select your AirPort device and click Update.

Just over a year ago we reported that Apple had stopped developing its AirPort products, and it seems the company hasn’t changed its plans.

Now, some of the most popular options include mesh systems from eero and Google. Jeff did an in depth review of Synology’s RT2600ac, finding it to be a worthy option. I need to pick up something soon myself as you might notice from the image above I’ve got an almost decade old Time Capsule!

Full release notes:

AirPort Base Station Firmware

Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac

Impact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2017-9417: Nitay Artenstein of Exodus Intelligence

AirPort Base Station Firmware

Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac

Impact: An attacker in Wi-Fi range may force nonce reuse in WPA unicast/PTK clients (Key Reinstallation Attacks – KRACK)

Description: A logic issue existed in the handling of state transitions. This was addressed with improved state management.

CVE-2017-13077: Mathy Vanhoef of the imec-DistriNet group at KU Leuven

CVE-2017-13078: Mathy Vanhoef of the imec-DistriNet group at KU Leuven

AirPort Base Station Firmware

Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac

Impact: An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks – KRACK)

Description: A logic issue existed in the handling of state transitions. This was addressed with improved state management.

CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven

AirPort Base Station Firmware

Available for: AirPort Express, AirPort Extreme, and AirPort Time Capsule base stations with 802.11n

Impact: An attacker in Wi-Fi range may force nonce reuse in WPA unicast/PTK clients (Key Reinstallation Attacks – KRACK)

Description: A logic issue existed in the handling of state transitions. This was addressed with improved state management.

CVE-2017-13077: Mathy Vanhoef of the imec-DistriNet group at KU Leuven

CVE-2017-13078: Mathy Vanhoef of the imec-DistriNet group at KU Leuven

AirPort Base Station Firmware

Available for: AirPort Express, AirPort Extreme, and AirPort Time Capsule base stations with 802.11n

Impact: An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks – KRACK)

Description: A logic issue existed in the handling of state transitions. This was addressed with improved state management.

CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven

Via MacRumors


Check out 9to5Mac on YouTube for more Apple news:

About the Author

Michael Potuck's favorite gear