Apple Releases AirPort Extreme and Time Capsule Firmware Update 7.7.3 With Heartbleed Fix

by

airport_utility_iconApple today released AirPort Extreme and AirPort Time Capsule Firmware Update 7.7.3 for AirPorts with 802.11ac. The update includes security improvements related to SSL/TLS.

AirPort Base Station Firmware Update 7.7.3
Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac

Impact: An attacker in a privileged network position may obtain memory contents

Description: An out-of-bounds read issue existed in the OpenSSL library when handling TLS heartbeat extension packets. An attacker in a privileged network position could obtain information from process memory. This issue was addressed through additional bounds checking. Only AirPort Extreme and AirPort Time Capsule base stations with 802.11ac are affected, and only if they have Back to My Mac or Send Diagnostics enabled. Other AirPort base stations are not impacted by this issue.

Earlier this month, an OpenSSL bug known as Heartbleed made headlines, with Apple releasing a statement noting that iOS, OS X, and its "key web services" were unaffected by the security flaw, but it appears that the company's AirPort Extreme and AirPort Time Capsule were vulnerable.

The 7.7.3 update is recommended for all models of the AirPort Extreme and Time Capsule that support 802.11ac Wi-Fi, other AirPort base stations do not need to be updated.

Related Forum: Networking

Popular Stories

iPhone 16 Pro Sizes Feature

iPhone 16 Series Is Less Than Two Months Away: Everything We Know

Thursday July 25, 2024 5:43 am PDT by
Apple typically releases its new iPhone series around mid-September, which means we are about two months out from the launch of the iPhone 16. Like the iPhone 15 series, this year's lineup is expected to stick with four models – iPhone 16, iPhone 16 Plus, iPhone 16 Pro, and iPhone 16 Pro Max – although there are plenty of design differences and new features to take into account. To bring ...
Read Full Article130 comments
Apple Intelligence General Feature

Apple Intelligence Now Available in New iOS 18.1, iPadOS 18.1, and macOS Sequoia Developer Betas

Monday July 29, 2024 10:07 am PDT by
Apple is today providing developers with the first betas of iOS 18.1, iPadOS 18.1, and macOS Sequoia 15.1, with the new software introducing an early version of the Apple Intelligence features. These new betas will be in testing alongside the current iOS 18, iPadOS 18, and macOS Sequoia 15 betas. Developers can choose whether to opt into the new betas with Apple Intelligence, or stay on the ...
Read Full Article347 comments
Apple Intelligence General Feature

Report: Apple Intelligence Delayed to iOS 18.1 in October

Sunday July 28, 2024 11:52 am PDT by
Apple Intelligence will miss its initial expected launch date to give Apple more time to fix bugs, Bloomberg's Mark Gurman reports. According to individuals with knowledge about Apple's plans, the company now plans to start rolling out Apple Intelligence in software updates by October, arriving several weeks after the launch of iOS 18, iPadOS 18, and macOS Sequoia. This means that Apple...
Read Full Article236 comments
T Mobile Generic Feature Pink 1

T-Mobile Sued for Breaking Lifetime Price Guarantees

Friday July 26, 2024 2:44 pm PDT by
T-Mobile customers have filed a lawsuit [PDF] against the carrier, alleging that it failed to honor a guarantee not to raise the prices of select cellular plans. The lawsuit, first spotted by Wired, claims that back in 2017, T-Mobile advertised several of its plans with a price lock, but then went on to increase prices starting in May 2024. "T-Mobile ONE customers keep their price until...
Read Full Article121 comments

Top Rated Comments

iNosey Avatar
iNosey
134 months ago
Hmm airport express not affected?
Let me let you answer that. Does the AirPort Express use 802.11ac? No. Do you even read the article?
Score: 7 Votes (Like | Disagree)
coolfactor Avatar
coolfactor
134 months ago
"APPLE SUX! HAHAHAHA"

No, seriously, I wonder how many other routers out there are vulnerable to this and yet will never receive firmware updates because they are too difficult to install, unlike Airport routers?

I wonder if this vulnerability is unique to Airport routers because of the Back to the Mac feature that requires user credentials to stored in order to operate correctly?
Score: 6 Votes (Like | Disagree)
PsyOpWarlord Avatar
PsyOpWarlord
134 months ago
This is something I was also wondering, I just checked and their does not seem to be any updates for them. Hopefully they are not affected.
Did you read the article?

Only AirPort Extreme and AirPort Time Capsule base stations with 802.11ac are affected, and only if they have Back to My Mac or Send Diagnostics enabled. Other AirPort base stations are not impacted by this issue.
Score: 5 Votes (Like | Disagree)
Ralf The Dog Avatar
Ralf The Dog
134 months ago
well what do you expect ?
more than a week to figure out that a product is linked with a faulty lib !!
Perhaps they don't read news :p
Good job Apple

Step 1, Find the bug.
Step 2, Fix the bug.
Step 3, Test the fix.
Step 4, Test the fix.
Step 5, Test the fix.
Step 6, Test the fix.
Step 7, Release the fix.
Score: 5 Votes (Like | Disagree)
csixty4 Avatar
csixty4
134 months ago
No. It's the SSL bug, which has nothing to do with AC vs N.

There's a good chance the firmware for 802.11n routers was never updated to use OpenSSL 1.0.1, which is where the "Heartbleed" bug was introduced. OpenSSL 0.98 and 1.0.0 were actively maintained in separate branches and had security patches back-ported. As long as the older routers didn't need the new features introduced in 1.0.1, it would be silly to upgrade the firmware just to upgrade.
Score: 4 Votes (Like | Disagree)
rudigern Avatar
rudigern
134 months ago
There is nothing to test, because it has been tested ad nauseum by thousands of people worldwide.

You don't do software development do you. Firmware is especially fragile because if it doesn't work, you could have all your customers lined out the front of your store with bricked Airports.
Score: 4 Votes (Like | Disagree)
Read All Comments