Apple's AirPort Extreme can pose security risk

Firmware update for latest wireless base station fixes vulnerability that exposes file names on a password-protected disk.
Written by Joris Evers, Contributor
Apple on Monday released a software update that addresses a pair of security problems in the company's latest AirPort Extreme base station.

The update, available for download from Apple's Web site, tightens the default configuration of the AirPort Extreme Base Station with 802.11n, Apple said in a security alert. The update also fixes a security flaw that exposes file names on a password-protected disk attached to the device, Apple said.

The default configuration of the Apple base station allows incoming IPv6 connections. This may expose network services on hosts connected to the device to remote attackers, Apple said. IPv6 is the next version of the Internet Protocol designed to support a broader range of IP addresses as the IP version 4 addresses currently in use become scarce.

"This update addresses the issue by changing the default setting to limit inbound IPv6 traffic to the local network," the Mac maker said.

The second issue relates to AirPort Disk, a feature of which allows network users to share storage space on a USB disk connected to the base station. Airport Disk has a password protection feature, but that doesn't protect file names, Apple said.

"An issue in the AirPort Disk feature allows users on the local network to view file names--but not their contents--on a password-protected disk without providing a password," Apple said. The software update fixes that problem, the company said.

Both issues only affect the AirPort Extreme Base Station with 802.11n, a wireless router Apple introduced in January at Macworld in San Francisco. The software download, which updates the device's firmware, can be installed through the Airport Utility.

Editorial standards