Skip to main content

AirPort users, don't ignore the latest firmware update! It patches a critical security bug

apple airport base station dns vulnerability patched applewwdc2013 extreme
Image used with permission by copyright holder
Apple released a firmware for their wireless router today that patches a critical vulnerability.

The flaw, a memory corruption issue stemming from DNS (Domain Name System) data parsing, allows arbitrary code execution, Macworld is reporting. The new firmware, 7.6.7 and 7.7.7, solves the issue. Fortunately, it appears Apple found the issue before anyone could exploit it.

“A memory corruption issue existed in DNS data parsing,” reads Apple’s security report on the update. “This issue was addressed through improved bounds checking.”

Apple didn’t offer a lot of details about the bug, or the fix, beyond those words. This is typical for the company, which prefers to wait until a thorough investigation is complete before revealing too much about security flaws.

Having said that, we can explain a little better what Apple means by an “issue in DNS data parsing”. DNS, if you don’t know, is the system by which your a web address (for example, “google.com”) is translated into an IP address (for example, “194.122.81.45”).

What’s that have to do with the Airport? When you try to open a web address, your computer or phone asks the local router for the IP address. In this way, the router is acting as a local DNS server. Your router, in turn, asks an external DNS server for the address, meaning it is acting as a DNS client.

Apple has not clarified which role the Airport plays, server or client, was causing the problem. Whichever role it was, it was bad enough to allow the execution of arbitrary code, which in security terms means an attacker could do whatever they wanted after exploiting the issue.

So if there’s one upgrade you don’t ignore, it’s this one. Go ahead and install that update now, and make sure the rest of your devices are up-to-date while you’re at it.

Justin Pot
Former Digital Trends Contributor
Justin's always had a passion for trying out new software, asking questions, and explaining things – tech journalism is the…
How to check your fps (frames per second) in games on PC
Colt shoots an enemy off their feet in Deathloop.

PC gaming is all about pushing frames per second (fps) as high as possible. With a high refresh rate monitor, a high fps makes your games look smoother and feel more responsive, helping you be more competitive in esports games. But in order to know if your frame rate is high enough, you need to know how high it actually is. You need to know how to check your fps.

Read more
Stop spending so much money on your laptop
Asus Zenbook 14X OLED front angled view showing display and keyboard.

If you're in the market for a new laptop today, you'll encounter a dizzying array of options ranging in price from a few hundred dollars up to the low five figures. You'll find different build qualities, specifications, display types, and much more, all of which combine to make choosing the best laptop for you a challenge.

It's tempting to get mesmerized by the latest and greatest machines and end up spending a lot more than you need to or should. The thing is, there are legitimate reasons to spend less on a laptop in 2023, and trust me -- it hasn't always been this way.
You probably don't need more power
Asus ZenBook 14X OLED Mark Coppock / Digital Trends

Read more
Malicious bots make up 73% of internet traffic, report says
italy agcom pirate anti piracy download bay software keyboard skull music cyber crime

In a concerning revelation by the fraud control platform Arkose Labs, about 73% of internet traffic to websites and apps that was analyzed between January and September 2023 has been attributed to bots engaging in malicious activities. This revelation sparks discussions about the significant drain on valuable resources caused by such nefarious actions.

The third quarter of 2023 witnessed the dominance of five primary categories of bad bot activities, including account takeover, scraping, fake account creation, account management, and in-product abuse. This is similar to the second quarter, with the notable exception of in-product abuse stepping in for card testing.

Read more