
Apple patches Heartbleed vulnerability in latest AirPort Extreme, Time Capsule update

post #1 of 24
Thread Starter 
In response to the Heartbleed kerfuffle, Apple on Tuesday rolled out a firmware update for all 2013 AirPort Extreme and AirPort Time Capsule models that protects affected units from the OpenSSL vulnerability.

As noted by MacWorld, the firmware update that went live earlier today is specifically designed for Apple's latest AirPort products launched in June 2013.

In a statement provided to the publication, Apple said:

The firmware update provides a fix for the recent OpenSSL vulnerability for the latest generation of 802.11ac enabled AirPort Extreme and AirPort Time Capsule base stations (June 2013). This vulnerability only impacts recent Airport devices that have the Back to My Mac feature enabled. Customers with previous generation AirPort Extreme and AirPort Time Capsules do not need to update their base stations.


With Back to My Mac enabled, Heartbleed could allow a nefarious user to intercept data packages between a user and an AirPort base station, though Apple IDs and passwords would not be revealed.

Earlier this month, Apple announced iOS, OS X and key Web services were not affected by Heartbleed as the products did not incorporate the flawed software.
post #2 of 24
Quote:
Originally Posted by AppleInsider View Post

In response to the Heartbleed kerfuffle, . . .

do you guys even know what is a kerfuffle?
post #3 of 24
Quote:
Originally Posted by Pooch View Post


do you guys even know what is a kerfuffle?

Yes, you're being cute, but select the word and control click to get the definition.

Daniel Swanson

post #4 of 24

wasn't it DED that was crowing on Friday 18

 

"

How Apple dodged the Heartbleed bullet

Feature By Daniel Eran Dilger"

 

Now that's funny innit :-)

post #5 of 24
Quote:
Originally Posted by Pooch View Post

do you guys even know what is a kerfuffle?

No, but there's been a lot of folderol surrounding it.
"That (the) world is moving so quickly that iOS is already amongst the older mobile operating systems in active development today." — The Verge
post #6 of 24
Quote:
Originally Posted by Taniwha View Post
 

wasn't it DED that was crowing on Friday 18

 

"

How Apple dodged the Heartbleed bullet

Feature By Daniel Eran Dilger"

 

Now that's funny innit :-)

Totally thought the same thing when I read the headline :lol:

post #7 of 24

The chances that a home router would be compromised by a Heartbleed-based attack are slim to none, methinks.

post #8 of 24
Quote:
Originally Posted by Taniwha View Post

wasn't it DED that was crowing on Friday 18

"
How Apple dodged the Heartbleed bullet
Feature By Daniel Eran Dilger"

Now that's funny innit :-)
Quote:
Originally Posted by tbehunin View Post

Totally thought the same thing when I read the headline :lol:

Using the bullet analogy I'd say that this is more of a ricochet of a rubber bullet that they only heard going past them. It appears that the AEBS and TC need to have someone with admin privileges (that means local) in order for the RAM to be read. This isn't even close to having all of Apple's iCloud, iTunes Store, App Store, Mac App Store, iBookstore, and other servers vulnerable to this bug for the last two years.

This bot has been removed from circulation due to a malfunctioning morality chip.

post #9 of 24
Quote:
Originally Posted by SolipsismX View Post
 
Quote:
Originally Posted by Taniwha View Post

wasn't it DED that was crowing on Friday 18
"
How Apple dodged the Heartbleed bullet
Feature By Daniel Eran Dilger"

Now that's funny innit :-)
Quote:
Originally Posted by tbehunin View Post

Totally thought the same thing when I read the headline :lol:

Using the bullet analogy I'd say that this is more of a ricochet of a rubber bullet that they only heard going past them. It appears that the AEBS and TC need to have someone with admin privileges (that means local) in order for the RAM to be read. This isn't even close to having all of Apple's iCloud, iTunes Store, App Store, Mac App Store, iBookstore, and other servers vulnerable to this bug for the last two years.

 

Awwww, cawwwm on, just when the droids thought they had something to crow about and you spoiled it. Did you really have to? It's not as if they would even know the difference, or care. Pursuing the bullet analogy, they just thought they were shooting their mouth at a seemingly opportunistic target but it turned out to be just a drive-by sniping … with blanks. Oh their bleeding heart!

Now that's funny innit :lol:

post #10 of 24
Quote:
Originally Posted by Pooch View Post

do you guys even know what is a kerfuffle?

A waffle with a kerf in it?

"Apple should pull the plug on the iPhone."

John C. Dvorak, 2007
post #11 of 24

It does present a bit of a conundrum, whether to now stay with the Apple ecosystem or migrate everything to Android & Windows….

post #12 of 24
DED's head exploded.

"Apple should pull the plug on the iPhone."

John C. Dvorak, 2007
post #13 of 24
Quote:
Originally Posted by Suddenly Newton View Post

DED's head exploded.

He'll never even acknowledge this story.

Proud AAPL stock owner.

 

GOA

post #14 of 24
Quote:
Originally Posted by SpamSandwich View Post

He'll never even acknowledge this story.

 

Maybe it's for the best. Otherwise, he's probably a danger to himself and others. ;)

"Apple should pull the plug on the iPhone."

John C. Dvorak, 2007
post #15 of 24
An update will be coming to all affected Android users...soon...
post #16 of 24
Quote:
Originally Posted by Pooch View Post


do you guys even know what is a kerfuffle?

Isn't it one of those mushrooms they use pigs to hunt down?

post #17 of 24

I think Airport routers run the VxWorks operating system, the same one as the Mars rovers. Does this mean the rovers are also vulnerable to Heartbleed? 

post #18 of 24
Quote:
Originally Posted by Taniwha View Post
 

wasn't it DED that was crowing on Friday 18

 

"

How Apple dodged the Heartbleed bullet

Feature By Daniel Eran Dilger"

 

Now that's funny innit :-)

The Airport Extreme doesn't run OSX, it runs VxWorks. Technically, Daniel was talking about Macs and iOS devices, not devices with embedded software. This is like talking about an Apple-branded printer (no longer available). You guys will do what you can to discredit anything Daniel says and anything Apple does, that's your right but please do it responsibly.

post #19 of 24
Quote:
Originally Posted by ascii View Post
 

I think Airport routers run the VxWorks operating system, the same one as the Mars rovers. Does this mean the rovers are also vulnerable to Heartbleed? 

Maybe, but rather unlikely.

 

The Heartbleed vulnerability affects OpenSSL versions 1.0.1 (launched March 24, 2012) through 1.0.1f. The most recent Mars rover Curiosity landed in 2011, so it would have been constructed running an OpenSSL version prior to 1.0.1 which are not affected by Heartbleed. This is why AirPort routers before the 802.11ac model (released in summer 2013) do not need a patch.

 

It is doubtful that any of the rovers have received updated OpenSSL versions.

 

More interesting is the fact that VxWorks runs the BMW iDrive system, Bombardier trains, a wide variety of other networking products (Linksys routers, SonicWall firewalls, Motorola cable modems, etc.), the Drobo (and a handful of other external RAID controllers), plus more things.

post #20 of 24
Quote:
Originally Posted by ascii View Post
 

I think Airport routers run the VxWorks operating system, the same one as the Mars rovers. Does this mean the rovers are also vulnerable to Heartbleed? 

 

Heartbleed is a bug in OpenSSL, which is used to provide SSL/TLS services. It's not about the OS where the services are running. You can make your own OS and if it uses the vulnerable OpenSSL to provide services, then they are vulnerable to Heartbleed.
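
The two replies above make the same point from different sides: exposure follows the OpenSSL version in use (1.0.1 through 1.0.1f), not the operating system. As an added example that is not part of the original thread, here is that range turned into a check on `openssl version`-style banners; the function names and sample banners are constructed for illustration. A match only says the reported version falls in the quoted range: vendors sometimes backport fixes without changing the version string, so treat it as a prompt to confirm the patch level.

```python
import re

# Range quoted in the thread: OpenSSL 1.0.1 through 1.0.1f.
AFFECTED_BASE = (1, 0, 1)
LAST_AFFECTED_LETTER = "f"

# Finds "1.0.1e" inside banners such as "OpenSSL 1.0.1e-fips".
# OpenSSL of that era used major.minor.fix plus optional patch letters.
_VERSION_RE = re.compile(
    r"(?<![\d.])(\d+)\.(\d+)\.(\d+)([a-z]{0,2})(?![a-z\d.])"
)


def parse_openssl_version(text):
    """Return ((major, minor, fix), patch_letters) from a version banner."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no OpenSSL version found in {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3))), m.group(4)


def in_heartbleed_range(text):
    """True if the banner reports a version from 1.0.1 up to 1.0.1f."""
    base, letters = parse_openssl_version(text)
    if base != AFFECTED_BASE:
        return False  # 0.9.8 and 1.0.0 branches never had the heartbeat code
    # "" (plain 1.0.1) sorts before "a"; two-letter suffixes come after "z".
    return len(letters) <= 1 and letters <= LAST_AFFECTED_LETTER


# Constructed sample banners (not taken from any real device).
SAMPLE_BANNERS = [
    "OpenSSL 0.9.8y",
    "OpenSSL 1.0.0l",
    "OpenSSL 1.0.1",
    "OpenSSL 1.0.1e-fips",
    "OpenSSL 1.0.1f",
    "OpenSSL 1.0.1g",
]


def classify(banners):
    """Map each banner to whether it falls in the quoted range."""
    return {b: in_heartbleed_range(b) for b in banners}


if __name__ == "__main__":
    for banner, hit in classify(SAMPLE_BANNERS).items():
        print(f"{banner:22} {'in affected range' if hit else 'outside range'}")
```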

post #21 of 24
Quote:
Originally Posted by ascii View Post
 

I think Airport routers run the VxWorks operating system, the same one as the Mars rovers. Does this mean the rovers are also vulnerable to Heartbleed? 

 

Only if you're logging in to the rover and entering your password, in which case a Marvin may be able to access whatever private information about you is stored on the rover.

 

BTW, if you're logging in to the rover and entering your password, may I please come over and watch? Thanks.

Lorin Schultz (formerly V5V)

Audio Engineer

V5V Digital Media, Vancouver, BC Canada

post #22 of 24
Quote:
Originally Posted by kellya74u View Post
 

It does present a bit of a conundrum, whether to now stay with the Apple ecosystem or migrate everything to Android & Windows….

 

If it's good enough for Apple to use in their own datacenters, it should be good enough for Apple's customers.

 

post #23 of 24
Quote:
Originally Posted by rob53 View Post
 

The Airport Extreme doesn't run OSX, it runs VxWorks. Technically, Daniel was talking about Macs and iOS devices, not devices with embedded software. This is like talking about an Apple-branded printer (no longer available). You guys will do what you can to discredit anything Daniel says and anything Apple does, that's your right but please do it responsibly.

 

I think some people are just jealous that he has:

 

"A decade of experience in technical consulting or employment in information technology, recognized by the University of California to be equivalent to a Master’s Degree in Computer Science."

 

http://www.roughlydrafted.com/resume.html

post #24 of 24

Wow!
