Apple plugs Airport Extreme Base Station firmware flaw

Summary:Apple has patched a denial of service vulnerability in its Airport Extreme Base Station firmware.In an advisory Wednesday Apple said firmware version 7.

Apple has patched a denial of service vulnerability in its Airport Extreme Base Station firmware.

In an advisory Wednesday Apple said firmware version 7.3.1 patches a vulnerability where a "maliciously crafted AFP request may lead to a denial of service."

Here's the description for CVE-2008-1012:

An input validation issue exists in the AirPort Extreme Base Station's handling of AFP requests, which may cause file sharing to become unresponsive. This update addresses the issue by performing additional validation of AFP requests. This issue does not affect Time Capsule or AirPort Express. The fix for this issue is available in the following separate updates: - - AirPort Extreme with 802.11n (Fast Ethernet) 7.3.1 - - AirPort Extreme with 802.11n (Gigabit Ethernet) 7.3.1 Credit to Alex deVries for reporting this issue.

The firmware update is the latest in a busy patch week for Apple, which updated Safari and OS X to plug security vulnerabilities. David Morgenstern has more on the functionality of the Airport update and has followed up on issues resulting from the other patches from Apple this week.

Topics: Software, Apple, Networking, Security

About

Larry Dignan is Editor in Chief of ZDNet and SmartPlanet as well as Editorial Director of ZDNet's sister site TechRepublic. He was most recently Executive Editor of News and Blogs at ZDNet. Prior to that he was executive news editor at eWeek and news editor at Baseline. He also served as the East Coast news editor and finance editor at CN... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.