Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2014.0562
AirPort Base Station Firmware Update 7.7.3
23 April 2014
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: AirPort Base Station
Publisher: Apple
Operating System: Network Appliance
Impact/Access: Access Confidential Data -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2014-0160
Reference: ASB-2014.0042
ESB-2014.0457
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2014-04-22-4 AirPort Base Station Firmware Update 7.7.3
AirPort Base Station Firmware Update 7.7.3 is now available and
addresses the following:
Available for:
AirPort Extreme and AirPort Time Capsule base stations with 802.11ac
Impact: An attacker in a privileged network position may obtain
memory contents
Description: An out-of-bounds read issue existed in the OpenSSL
library when handling TLS heartbeat extension packets. An attacker in
a privileged network position could obtain information from process
memory. This issue was addressed through additional bounds checking.
Only AirPort Extreme and AirPort Time Capsule base stations with
802.11ac are affected, and only if they have Back to My Mac or Send
Diagnostics enabled. Other AirPort base stations are not impacted by
this issue.
CVE-ID
CVE-2014-0160 : Riku, Antti, and Matti of Codenomicon and Neel Mehta
of Google Security
Installation note for Firmware version 7.7.3
Firmware version 7.7.3 is installed on AirPort Extreme or AirPort
Time Capsule base stations with 802.11ac using AirPort Utility for
Mac or iOS.
Use AirPort Utility 6.3.1 or later on OS X, or AirPort Utility 1.3.1
or later on iOS to upgrade to Firmware version 7.7.3.
AirPort Utility for Mac is a free download from
http://www.apple.com/support/downloads/ and AirPort Utility for iOS
is a free download from the App Store.
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJTVrLwAAoJEPefwLHPlZEw/doQAKGp94bWEOwMpmd5Wl5+pq9r
1P/ONcCoQoUSyHmOFC232Ep4/t/SSoFs/2ZzbaJ8dg2mjGbDga3oIvknZl64I8fu
jTQ0XGjQLmqi1QiC1xWulIqcN2ThJDiaSKqbnOdwziufwdkWDEBxjITficeghXxH
Kxf+hyNAUV35dmfOhIMjrbQ8p4Q124C0+JY3Qj+KVaTTXIJAKFqD1dL14oJ2vRHM
C9cY/dlvNFvkNsbhdc1zX4qkwGHaoo5Z+Io06A+5H2zgPtokOs6xd4Or/aPnz2Jv
Kt18MYAdXBy1HI+OATVs9k6P7MEawT1dMaDWcPaCQn5FHbMkamThxQXC1tGhjH1H
yYRBK0eGwMSYqG6xNa/v0U9L0t/P3ftSIBBs1TBIVrahw9JQqKtZkTbCb9gOtnpD
lD/i7EjLrvyoHd9l08jF5cM2pcfVqfcaPY5xzTuFL396zipfAOdhEtU8fRuZmhpO
Uuq2PoMKBZC1qKFezsQfRuDu99MxObOuWnRquBFNcNyWyt1FUKc+q2CeULu0lgtJ
xzXEw8SzBIq24ICzQrOwsX2DCGe2xoYtNFzT4rpyM/nGAAZ0zH/tNdUmBA3kdtJI
ZKUjL0cikKFUOR49tRbh9O/QYykKbkYIOzGr34NBXC62rWJf+VzONtLBDyQp5cY2
txmN2j8ieuq9rty7QExG
=uoJs
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBU1cnqRLndAQH1ShLAQKeKA//fM7HTZ9MWurVLGG/WPnNfnP+gPpDdEiy
nSXJTL0G4wFl8hslufAivPkrDJ+uePkh07V38TorAnP7DdTBUOiYESa3x4keQGGO
TfHr1hWAmvB+Gwpk7qMKnHVOIBawJQcOTk2xChSwngroQc4llrErkXRhTrv0u4Yd
b8tXll+RDnsV+ebC7UHe/ZbuTpPePvdExIVHAZYKS0inRaQciJ0kzU6l0evEZbR4
smBnk3Suoq/Swo7kJ+IUPYUD1qX6ygTgoodRf3qV8TCyjcdeYss6Jd2skGwa18yE
i1ExExPTRcmbC3d3ztnCW6zgN6Xl9SJQkn8mjUYX1e3AzEHbI07VwotaguWcAa33
3RmTuXR8+jlfUXkUq6jgfwcmsKvCz6MgMfBcC5T1Ebu2x7cZkYd5kTKu/ooNMRz1
+iaGVJtKgkdhmFwmuPv9NrXV1z1bBtsP/2INS4qrpz/AEATDfGlMKEh5sAWTu/6Z
nr4kGaoQEiVSIdT5nMHxSzJo96EaAyOvYr4DbrItKiuyR/M73/V7xC9A74Myv6QU
OiRzIFOG0fSMys3meEXHEa5qSReyuA4uVInPWxS+b0A0bTllGTcoTUsFBn6XMDvT
4JT1VoAZrP/QBI/21pVYsi0vR8SmRUgDedYGrNDSiARzhxC/t7aQi4CEiKDJmROh
3VMb6ulAyDA=
=7PBK
-----END PGP SIGNATURE-----