Apple Patches SSL Bug in AirPort Base Station


Apple updated the software for its 2013 model AirPort Extreme Base Station on Tuesday to address what it called "security improvements related to SSL/TLS." That, by chance, also happens to be the core of the problem in the OpenSSL Heartbleed bug the company said doesn't affect any of its products, although Apple didn't mention the flaw by name.


Heartbleed is a code flaw in the SSL/TLS component in OpenSSL, which is used by many systems to encrypt data passing between computers over the Internet. The flaw could let hackers grab random memory fragments from servers, including the private keys they use to create secure connections. With those keys in hand, any data that passes into or out of the server can be decrypted -- including sensitive information like user names and passwords.

Following news of the security flaw, the company said, "Apple takes security very seriously. iOS and OS X never incorporated the vulnerable software and key Web-based services were not affected." That statement didn't, however, mention the company's most recent Base Station model.

Apple hasn't said that it uses OpenSSL as part of the software in its Base Station products. The Mac Observer has reached out to Apple for clarification.

AirPort Base Station Firmware Update 7.7.3 is available only for Apple's tower-style 802.11ac-compatible wireless router.


Comments

geoduck

That, by chance, also happens to be the core of the problem in the OpenSSL heart bleed bug the company said doesn’t affect any of its products, although Apple didn’t mention the flaw by name.

Correct me if I’m wrong but didn’t Apple say that the bug didn’t affect any of their “core systems”? I took that to mean cloud services, server systems, web pages, online purchasing, etc. I may be remembering it wrong but I don’t believe they said it did not affect their hardware products.

Hagen

Since Apple uses their own SSL implementation in Mac OS X and iOS, I’d be very surprised if they turned to OpenSSL for any of their other products.

I suspect that the OpenSSL troubles out there made Apple re-inspect their own implementation, which revealed other potential issues fixed here.
