Apple swats Airport Base Station security bugs

Summary:Apple has rolled out a firmware update to fix a pair of security vulnerabilities in the Airport Extreme Base Station.The most serious of the two -- a weakness in the way the default configuration of Airport Extreme handles IPv6 connections -- could allow remote hackers to bypass certain access restrictions.

Apple has rolled out a firmware update to fix a pair of security vulnerabilities in the Airport Extreme Base Station.

The most serious of the two -- a weakness in the way the default configuration of Airport Extreme handles IPv6 connections -- could allow remote hackers to bypass certain access restrictions.

"This may expose network services on hosts connected through an AirPort Extreme Base Station with 802.11n to remote attackers," Apple said in an advisory.

The second vulnerability, in the Airport Disk feature, could allow users on the local network to view filenames (but not their contents) on a password-protected disk without providing a password. AirPort Disk allows the sharing of files from a USB hard drive connected to a compatible base station. only affects AirPort Extreme Base Station with 802.11n*, and not other versions of the Base Station.

The two issues only apply to AirPort Extreme Base Station with 802.11n. Other versions of the Base Station are not affected.

These are the 63rd and 64th vulnerabilities fixed by Apple in 2007.

Topics: Security

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.