BugTraq
APPLE-SA-2014-04-22-4 AirPort Base Station Firmware Update 7.7.3 Apr 22 2014 08:59PM
Apple Product Security (product-security-noreply lists apple com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2014-04-22-4 AirPort Base Station Firmware Update 7.7.3

AirPort Base Station Firmware Update 7.7.3 is now available and
addresses the following:

Available for:
AirPort Extreme and AirPort Time Capsule base stations with 802.11ac
Impact: An attacker in a privileged network position may obtain
memory contents
Description: An out-of-bounds read issue existed in the OpenSSL
library when handling TLS heartbeat extension packets. An attacker in
a privileged network position could obtain information from process
memory. This issue was addressed through additional bounds checking.
Only AirPort Extreme and AirPort Time Capsule base stations with
802.11ac are affected, and only if they have Back to My Mac or Send
Diagnostics enabled. Other AirPort base stations are not impacted by
this issue.
CVE-ID
CVE-2014-0160 : Riku, Antti, and Matti of Codenomicon and Neel Mehta
of Google Security

Installation note for Firmware version 7.7.3

Firmware version 7.7.3 is installed on AirPort Extreme or AirPort
Time Capsule base stations with 802.11ac using AirPort Utility for
Mac or iOS.

Use AirPort Utility 6.3.1 or later on OS X, or AirPort Utility 1.3.1
or later on iOS to upgrade to Firmware version 7.7.3.

AirPort Utility for Mac is a free download from
http://www.apple.com/support/downloads/ and AirPort Utility for iOS
is a free download from the App Store.

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJTVrLwAAoJEPefwLHPlZEw/doQAKGp94bWEOwMpmd5Wl5+pq9r
1P/ONcCoQoUSyHmOFC232Ep4/t/SSoFs/2ZzbaJ8dg2mjGbDga3oIvknZl64I8fu
jTQ0XGjQLmqi1QiC1xWulIqcN2ThJDiaSKqbnOdwziufwdkWDEBxjITficeghXxH
Kxf+hyNAUV35dmfOhIMjrbQ8p4Q124C0+JY3Qj+KVaTTXIJAKFqD1dL14oJ2vRHM
C9cY/dlvNFvkNsbhdc1zX4qkwGHaoo5Z+Io06A+5H2zgPtokOs6xd4Or/aPnz2Jv
Kt18MYAdXBy1HI+OATVs9k6P7MEawT1dMaDWcPaCQn5FHbMkamThxQXC1tGhjH1H
yYRBK0eGwMSYqG6xNa/v0U9L0t/P3ftSIBBs1TBIVrahw9JQqKtZkTbCb9gOtnpD
lD/i7EjLrvyoHd9l08jF5cM2pcfVqfcaPY5xzTuFL396zipfAOdhEtU8fRuZmhpO
Uuq2PoMKBZC1qKFezsQfRuDu99MxObOuWnRquBFNcNyWyt1FUKc+q2CeULu0lgtJ
xzXEw8SzBIq24ICzQrOwsX2DCGe2xoYtNFzT4rpyM/nGAAZ0zH/tNdUmBA3kdtJI
ZKUjL0cikKFUOR49tRbh9O/QYykKbkYIOzGr34NBXC62rWJf+VzONtLBDyQp5cY2
txmN2j8ieuq9rty7QExG
=uoJs
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJTVtgWAAoJEPefwLHPlZEwvsoP/18kD4EokIcxSpPNksPpKwzr
QWNyPfcjkcwTVChulzh9UnM7YJg9RLAgY4pO9iEwIdUe9DYtcm2I2imo2xGlQBX6
TyRDoHqMismdfebJEvN5SkbZGk6TwEOvIDFN0DsPj4aifyov5BkbhkuYN2/rQ0/9
BFwo+/PvfKwXKx4Em4npCORNhY6vioW4jcWG+9yBBhinodTg4tvyeLU9bvL4AOo6
769DwmVu0ooHTv4Uf1/uAIzKalab1dHYxVgcR6H2eXwmVity9NtNeeX6Vi61pGY6
dMt0X1Lvn9fRxEmGCNNfj96q1lvU+PfFN8mT9I/EpDNi89JucWl8trp79RcR3T0n
nUup6LfNY3SgEARi0cPDWtwTHt4vs/RF7VpBowt34mawS/nPNYs7fg5Gq6h0c7o8
/nNDAvjMIm/wAK/RJ6ib9VlPGSl7Uz3NbQByYppbWUkobqslKFNj2u5iev+J3UuV
et9aGLWOwcntL4BrlMM8kMiKy6XSn0qeGbF3nYBss21yo56TMdH3NXju1lE27x0G
VZp5hxZ8zDkl55LzAfPF7CuY7O+3Jv5VQ9igOTaHvOktCskcSu8nZpyaAZRVBJ5o
gM1Rwpb/sS10ayMn/p5sumEJFhUMGLAd2bHUuGjr2eGEdiSZd3keF7zViqlOFW1/
chKSubknu8KD2cVLCet9
=+qjM
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus