The Stack Archive

Apple patches AirPort bug to stop router exploits

Tue 21 Jun 2016

Apple has delivered a series of firmware updates for its AirPort wireless base stations in response to a router bug which was exposing the devices to cyber attackers.

The vulnerability, Apple’s security team explained, was a memory corruption fault in the parsing of DNS (Domain Name System) data, which could have permitted attackers to execute arbitrary code on the affected devices.

Responding to the CVE-2015-7029 flaw which was discovered last year, Apple has released patch updates 7.6.7 and 7.7.7 for AirPort Express, AirPort Extreme, and AirPort Time Capsule base stations with 802.11n WiFi, as well as for AirPort Extreme and AirPort Time Capsule base stations with 802.11ac WiFi.

In an advisory note, the company explained that AirPort Utility 6.3.1 or later on OS X, or AirPort Utility 1.3.1 or later on iOS, could be used to install the new firmware versions onto AirPort devices.

The iPhone maker did not reveal details about exploitation possibilities, and did not provide information on how severe the flaw was. However, the mention of ‘arbitrary code execution’ through remote DNS suggests the vulnerability was pretty serious.

The advisory message did not make clear whether the data parsing problem was related to the DNS server or the DNS client functionality. If the issue lay in the parsing of queries received from LAN computers, any attack would be limited to the local network. However, the danger would have been greater if the error was in the parsing of DNS responses, which could lead to remote exploitation.

‘After all, you almost never want your home router to answer DNS queries from the outside, so you almost never configure your router to do so. But you almost always want your router to perform requests to the outside as part of the service it provides to your internal network, so most routers are set up to work this way,’ Naked Security researchers explained.

If the code was executed under the root account, the entire device could have been compromised. This could have allowed hackers to launch further attacks against LAN computers, for example by injecting rogue ads and redirecting users to malicious web pages.

