Apple patches Heartbleed vulnerability in latest AirPort Extreme, Time Capsule update
In response to the Heartbleed kerfuffle, Apple on Tuesday rolled out a firmware update for all 2013 AirPort Extreme and AirPort Time Capsule models that protects affected units from the OpenSSL vulnerability.
As noted by MacWorld, the firmware update that went live earlier today is specifically designed for Apple's latest AirPort products launched in June 2013.
In a statement provided to the publication, Apple said:
Earlier this month, Apple announced iOS, OS X and key Web services were not affected by Heartbleed as the products did not incorporate the flawed software.
As noted by MacWorld, the firmware update that went live earlier today is specifically designed for Apple's latest AirPort products launched in June 2013.
In a statement provided to the publication, Apple said:
With Back to My Mac enabled, Heartbleed could allow a nefarious user to intercept data packages between a user and an AirPort base station, though Apple IDs and passwords would not be revealed.The firmware update provides a fix for the recent OpenSSL vulnerability for the latest generation of 802.11ac enabled AirPort Extreme and AirPort Time Capsule base stations (June 2013). This vulnerability only impacts recent Airport devices that have the Back to My Mac feature enabled. Customers with previous generation AirPort Extreme and AirPort Time Capsules do not need to update their base stations.
Earlier this month, Apple announced iOS, OS X and key Web services were not affected by Heartbleed as the products did not incorporate the flawed software.
Comments
do you guys even know what is a kerfuffle?
do you guys even know what is a kerfuffle?
Yes, you're being cute, but select the word and control click to get the definition.
wasnt it DED that was crowing on friday 18
"
How Apple dodged the Heartbleed bullet
Feature By Daniel Eran Dilger"
Now that's funny innit :-)
No, but there's been a lot of folderol surrounding it.
wasnt it DED that was crowing on friday 18
"
How Apple dodged the Heartbleed bullet
Feature By Daniel Eran Dilger"
Now that's funny innit :-)
Totally thought the same thing when I read the headline " src="http://forums-files.appleinsider.com/images/smilies//lol.gif" />
The chances that a home router would be compromised by a Heartbleed-based attack is slim to none, me thinks.
Using the bullet analogy I'd say that this more of a ricohete of a rubber bullet that they only heard going past them. It appears that the AEBS and TC need to have someone with admin privileges (that means local) in order for the RAM to be read. This isn't even close to having all of Apple's iCloud, iTunes Store, App Store, Mac App Store, iBookstore, and other servers vulnerable to this bug for the last two years.
wasnt it DED that was crowing on friday 18
"
How Apple dodged the Heartbleed bullet
Feature By Daniel Eran Dilger"
Now that's funny innit :-)
Totally thought the same thing when I read the headline
Using the bullet analogy I'd say that this more of a ricohete of a rubber bullet that they only heard going past them. It appears that the AEBS and TC need to have someone with admin privileges (that means local) in order for the RAM to be read. This isn't even close to having all of Apple's iCloud, iTunes Store, App Store, Mac App Store, iBookstore, and other servers vulnerable to this bug for the last two years.
Awwww, cawwwm on, just when the droids thought they had something to crow about and you spoiled it. Did you really have to ? It's not as if they would even know the difference, or care. Pursuing the bullet analogy, they just thought they were shooting their mouth at a seemingly opportunistic target but it turned out to be just a drive-by sniping … with blanks. Oh their bleeding heart !
Now that's funny innit
A waffle with a kerf in it?
It does present a bit of a conundrum, whether to now stay with the Apple ecosystem or migrate everything to Android & Windows….
He'll never even acknowledge this story.
He'll never even acknowledge this story.
Maybe it's for the best. Otherwise, he's probably a danger to himself and others.
do you guys even know what is a kerfuffle?
Isn't it one of those mushrooms they use pigs to hunt down?
I think Airport routers run the VxWorks operating system, the same one as the Mars rovers. Does this mean the rovers are also vulnerable to Heartbleed?
wasnt it DED that was crowing on friday 18
"
How Apple dodged the Heartbleed bullet
Feature By Daniel Eran Dilger"
Now that's funny innit :-)
The Airport Extreme doesn't run OSX, it runs VxWorks. Technically, Daniel was talking about Macs and iOS devices, not devices with embedded software. This is like talking about an Apple-branded printer (no longer available). You guys will do what you can to discredit anything Daniel says and anything Apple does, that's your right but please do it responsibly.
I think Airport routers run the VxWorks operating system, the same one as the Mars rovers. Does this mean the rovers are also vulnerable to Heartbleed?
Maybe, but rather unlikely.
The Heartbleed vulnerability affects OpenSSL versions 1.0.1 (launched March 24, 2012) through 1.0.1f. The most recent Mars rover Curiosity landed in 2011, so it would have been constructed running an OpenSSL version prior to 1.0.1 which are not affected by Heartbleed. This is why AirPort routers before the 802.11ac model (released in summer 2013) do not need a patch.
It is doubtful that any of the rovers have received updated OpenSSL versions.
More interesting is the fact that VxWorks runs the BMW iDrive system, Bombardier trains, a wide variety of other networking products (Linksys routers, SonicWall firewalls, Motorola cable modems, etc.), the Drobo (and a handful of other external RAID controllers), plus more things.
I think Airport routers run the VxWorks operating system, the same one as the Mars rovers. Does this mean the rovers are also vulnerable to Heartbleed?
Heartbleed is a bug on OpenSSL which is used to provide SSL/TLS services. It's not about the OS where the services are running. You can make your own OS and if it uses the vulnerable OpenSSL to provide services, then they are vulnerable to Heartbleed.
I think Airport routers run the VxWorks operating system, the same one as the Mars rovers. Does this mean the rovers are also vulnerable to Heartbleed?
Only if you're logging in to the rover and entering your password, in which case a Marvin may be able to access whatever private information about you is stored on the rover.
BTW, if you're logging in to the rover and entering your password, may I please come over and watch? Thanks.