Apple has released a security update for two of its networking products, which were vulnerable to the Heartbleed OpenSSL bug. The patch was specifically made for the Apple AirPort Extreme, and the Apple AirPort Time Capsule.
However, it’s worth noting that only the versions of AirPort Extreme and AirPort Time Capsule with 802.11ac support built in were afflicted. Apple said that “an attacker in a privileged network position may obtain memory contents” in the post where it announced the availability of the patch.
On top of that, two conditions had to be met for Heartbleed to pose a threat to users of the AirPort Extreme and/or the AirPort Time Capsule: either the Back to My Mac or Send Diagnostics options had to be enabled.
The Heartbleed bug allows hackers to send fake heartbeat messages, which can trick a website’s server into relaying data that’s stored in its memory. This includes sensitive information such as usernames, passwords, credit card numbers, emails, and more.
Apple says that every other version of its AirPort base stations is safe from the Heartbleed vulnerability. You can grab the patch here.
- How Google’s ‘Project Zero’ task force races hackers to snuff out bugs
- Apple protects MacOS Sierra, El Capitan from Meltdown, lists Google bugs
- Some Android manufacturers lie to customers about installing security updates
- Hackers can bypass the Windows 10 S lockdown due to security flaw
- AMD is working on fixes for the reported Ryzenfall, MasterKey vulnerabilities