Apple Patches SSL Bug in AirPort Base Station

Apple updated the software for its 2013 model AirPort Extreme Base Station on Tuesday to address what it called " security improvements related to SSL/TLS." That, by chance, also happens to be the core of the problem in the OpenSSL heart bleed bug the company said doesn't affect any of its products, although Apple didn't mention the flaw by name.

Apple patches SSL security issue in 2013 AirPort Extreme Base StationApple patches SSL security issue in 2013 AirPort Extreme Base Station

Heartbleed is a code flaw in the SSL/TLS component in OpenSSL, which is used by many systems to encrypt data passing between computers over the Internet. The flaw could let hackers grab random memory fragments from servers, including the private keys they use to create secure connections. With those keys in hand, any data that passes into or out of the server can be decrypted -- including sensitive information like user names and passwords.

Following news of the security flaw, the company said, "Apple takes security very seriously. iOS and OS X never incorporated the vulnerable software and key Web-based services were not affected." That statement didn't, however, mention the company's most recent Base Station model.

Apple hasn't said that it uses OpenSSL as part of the software in its Base Station products. The Mac Observer has reached out to Apple for clarification.

AirPort Base Station Firmware Update 7.7.3 is available only for Apple's tower-style 802.11ac-compatible wireless router.