Home > Computing > Two Apple AirPort base stations were vulnerable to…

Two Apple AirPort base stations were vulnerable to Heartbleed, but have been patched

Apple has released a security update for two of its networking products, which were vulnerable to the Heartbleed OpenSSL bug. The patch was specifically made for the Apple AirPort Extreme, and the Apple AirPort Time Capsule.

However, it’s worth noting that only the versions of AirPort Extreme and AirPort Time Capsule with 802.11ac support built in were afflicted. Apple said that “an attacker in a privileged network position may obtain memory contents” in the post where it announced the availability of the patch.

On top of that, two conditions had to be met for Heartbleed to pose a threat to users of the AirPort Extreme and/or the AirPort Time Capsule: either the Back to My Mac or Send Diagnostics options had to be enabled.

The Heartbleed bug allows hackers to send fake heartbeat messages, which can trick a website’s server into relaying data that’s stored in its memory. This includes sensitive information such as usernames, passwords, credit card numbers, emails, and more.

Apple says that every other version of its AirPort base stations is safe from the Heartbleed vulnerability. You can grab the patch here