Apple issues security update for 802.11n AirPort Extreme Base Station
Apple on Monday released AirPort Extreme Base Station with 802.11n Firmware 7.1, which includes general fixes, compatibility updates, and security improvements for the recently introduced AirPort Extreme Base Station with 802.11n.
The first security hole addressed by the 4.6MB patch involves the router's default acceptance of incoming IPv6 connections, which could expose servers and other services connected to the Base Station to an attack by those using the newer Internet protocol.
Apple's fix is to change the standard policy, which automatically blocks inbound IPv6 traffic from all computers but those on the local network.
Less glaring but still important was a correction in the station's approach to USB hard drives shared through the AirPort Disk feature. Computers with access to the local network could previously view the names of files in password-protected volumes without first entering said password, potentially exposing any sensitive information that the file name might hold.
An extra layer of validation now prevents this from happening, authenticating a user before they can see the data in a secured volume. None of the files' contents were accessible before the update, Apple said.
The Mac maker recommends that all owners of the 802.11n device first install AirPort Base Station Update 2007-001 before attempting to update to the latest firmware.
The first security hole addressed by the 4.6MB patch involves the router's default acceptance of incoming IPv6 connections, which could expose servers and other services connected to the Base Station to an attack by those using the newer Internet protocol.
Apple's fix is to change the standard policy, which automatically blocks inbound IPv6 traffic from all computers but those on the local network.
Less glaring but still important was a correction in the station's approach to USB hard drives shared through the AirPort Disk feature. Computers with access to the local network could previously view the names of files in password-protected volumes without first entering said password, potentially exposing any sensitive information that the file name might hold.
An extra layer of validation now prevents this from happening, authenticating a user before they can see the data in a secured volume. None of the files' contents were accessible before the update, Apple said.
The Mac maker recommends that all owners of the 802.11n device first install AirPort Base Station Update 2007-001 before attempting to update to the latest firmware.
Comments
One fix included with this latest firmware is compatibility with Nortel VPN client.
There has been a documented VPN passthrough issue, and the only workaround was to put the VPN machine in DMZ. Since I updated to the latest firmware, I have been able to use my VPN client machines without any "modifications".
Without this capability, I had to downgrade to my old Linksys router, but now I can finally use the AP Extreme again!
Huh; tried running software update last night, and no update was available for me (I use the new -n enabled AEBS)...
You have to have the latest Airport Utility installed. When you open Airport Utility, it will tell you that you need to install the firmware for the router.
I have a static IP with my DSL provider, so I don't know if the problem exists for DHCP. But I would highly recommend against installing this update. Apple now knows about the problem and I would not be suprised to see a 7.2 update really soon.
Here's the whole story of what happened to me:
http://www.jayhaynes.net/2007/04/do_not_install_.html
You have to have the latest Airport Utility installed. When you open Airport Utility, it will tell you that you need to install the firmware for the router.
Ahh; yep, as soon as I opened Airport Utility, it informed me of an updated firmware... No issues for me thus far w/ this update...
I had serious DNS problems with the 7.1 Firmware update. Some sites (like nytimes.com) wouldn't load, others were extremely slow and I couldn't send any IMAP email. I have two 802.11n AirPorts and Apple is now replacing both because there is no way to undo the firmware upgrade (because I had two AirPorts, I definitively isolated the problem to the 7.1 update).
I have a static IP with my DSL provider, so I don't know if the problem exists for DHCP. But I would highly recommend against installing this update. Apple now knows about the problem and I would not be suprised to see a 7.2 update really soon.
Here's the whole story of what happened to me:
http://www.jayhaynes.net/2007/04/do_not_install_.html
Sounds like an issue related to specific network settings. I have had no issues with IMAP mail or websites like nytimes.com. I am running dynamic IP / DHCP on a Verizon DSL line.
Can you still ping the problem websites? Can you complete a traceroute? Did you adjust any firewall or port forwarding settings prior to the firmware update that could have been reset when it updated?
This firmware fixed a few issues for me like VPN passthrough and compatibility with a USB Linksys wireless adapter.