===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2014.0562
                AirPort Base Station Firmware Update 7.7.3
                               23 April 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           AirPort Base Station
Publisher:         Apple
Operating System:  Network Appliance
Impact/Access:     Access Confidential Data -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2014-0160

Reference:         ASB-2014.0042
                   ESB-2014.0457

--------------------------BEGIN INCLUDED TEXT--------------------

APPLE-SA-2014-04-22-4 AirPort Base Station Firmware Update 7.7.3

AirPort Base Station Firmware Update 7.7.3 is now available and
addresses the following:

Available for:  AirPort Extreme and AirPort Time Capsule base stations
with 802.11ac
Impact:  An attacker in a privileged network position may obtain
memory contents
Description:  An out-of-bounds read issue existed in the OpenSSL
library when handling TLS heartbeat extension packets. An attacker in
a privileged network position could obtain information from process
memory. This issue was addressed through additional bounds checking.
Only AirPort Extreme and AirPort Time Capsule base stations with
802.11ac are affected, and only if they have Back to My Mac or Send
Diagnostics enabled. Other AirPort base stations are not impacted by
this issue.
CVE-ID
CVE-2014-0160 : Riku, Antti, and Matti of Codenomicon and Neel Mehta
of Google Security

Installation note for Firmware version 7.7.3

Firmware version 7.7.3 is installed on AirPort Extreme or AirPort
Time Capsule base stations with 802.11ac using AirPort Utility for
Mac or iOS.

Use AirPort Utility 6.3.1 or later on OS X, or AirPort Utility 1.3.1
or later on iOS to upgrade to Firmware version 7.7.3.

AirPort Utility for Mac is a free download from
http://www.apple.com/support/downloads/ and AirPort Utility for iOS
is a free download from the App Store.

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
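
The advisory above describes the fix as "additional bounds checking" on TLS heartbeat extension packets. The C function below is an added example, not Apple's or OpenSSL's code, showing the length check RFC 6520 calls for before a heartbeat request is echoed back. The name hb_build_response and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_HDR     3u   /* 1-byte type + 2-byte payload_length */
#define HB_MIN_PAD 16u  /* minimum padding length, RFC 6520 */
enum { HB_REQUEST = 1, HB_RESPONSE = 2 };
/* Hypothetical helper. rec/rec_len is one decrypted heartbeat record.
 * Returns the response length written to out, or 0 for a silent discard. */
size_t hb_build_response(const uint8_t *rec, size_t rec_len,
                         uint8_t *out, size_t out_cap)
{
    /* Too short for header plus minimum padding, or not a request. */
    if (rec_len < HB_HDR + HB_MIN_PAD || rec[0] != HB_REQUEST)
        return 0;

    /* payload_length comes from the peer: a claim, not a fact. */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];

    /* The bounds check: header + claimed payload + minimum padding
     * must fit inside the bytes actually received. */
    if (claimed > rec_len - HB_HDR - HB_MIN_PAD)
        return 0;

    size_t resp_len = HB_HDR + claimed + HB_MIN_PAD;
    if (resp_len > out_cap)
        return 0;
    out[0] = HB_RESPONSE;
    out[1] = rec[1]; out[2] = rec[2];
    memcpy(out + HB_HDR, rec + HB_HDR, claimed);   /* stays inside rec */
    /* Zero padding keeps the demo deterministic; RFC 6520 uses random bytes. */
    memset(out + HB_HDR + claimed, 0, HB_MIN_PAD);
    return resp_len;
}

/* Constructed sample: 4-byte payload "ping" followed by 16 padding bytes. */
static const uint8_t hb_sample_ok[23] = { HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g' };

int main(void)
{
    uint8_t out[64], bad[23];
    memcpy(bad, hb_sample_ok, sizeof bad);
    bad[1] = 0x40; bad[2] = 0x00;  /* constructed: length field claims 16384 bytes */
    printf("well-formed: %zu\n", hb_build_response(hb_sample_ok, sizeof hb_sample_ok, out, sizeof out));
    printf("oversized:   %zu\n", hb_build_response(bad, sizeof bad, out, sizeof out));
    return 0;
}
```

Without the comparison against rec_len, the copy length would be taken from the length field alone, which is the out-of-bounds read the advisory describes.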