On Thursday, Apple released a firmware update for AirPort base station to close a handful of security holes in external hack, memory leakage and deletion of user data.
Apple AirPort Base Station Firmware Update 7.9.1 contains repairs for eight identified errors affecting the AirPort Extreme and AirPort Time Capsule base station hardware with 802.11ac connection.
Among the solved security issues, there is an error that allowed an external attacker to leak memory through an expressible, undefined read function.
Three issues about service names were addressed in the update, two of which could be triggered remotely via the wrong code. The third involved a similar attack of service attacks by a bad actor in a privileged position. The issues were resolved through improved input validation and memory management.
A zero pointer dereference and a "free after-use" problem were cited in an external attack that could enable an attacker to run code on a targeted device, while a separate problem allowed source-routed IPv4 packets to be unexpectedly accepted. 19659006] Finally, the update addresses a problem that again showed some user information on a base station after resetting the factory.
The AirPort update can be performed via the AirPort utility on Mac or iOS.