Firmware Update für Airport Extreme & Time Capsule

Apple hat heute Sicherheitsupdates für seine Router AirPort Extreme und Time Capsule, welche den WiFi-Standard 802.11ac unterstützen, veröffentlicht. Auch wenn sich diese Geräte schon einige Zeit nicht mehr im Verkauf befinden, ist es erfreulich, dass Apple sich noch um diese kümmert. Mit diesem Update werden einige Sicherheitslücken geschlossen, ein zeitnahes Update wird daher empfohlen.

Details

AirPort Base Station Firmware Update 7.9.1

  • Released May 30, 2019
  • Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac

Impact: A remote attacker may be able to leak memory

  • Description: An out-of-bounds read was addressed with improved input validation.
  • CVE-2019-8581: Lucio Albornoz

Impact: A remote attacker may be able to cause a system denial of service

  • Description: A null pointer dereference was addressed with improved input validation.
  • CVE-2019-8588: Vince Cali (@0x56)

Impact: A remote attacker may be able to cause a system denial of service

  • Description: A denial of service issue was addressed with improved validation.
  • CVE-2018-6918: Maxime Villard

Impact: A remote attacker may be able to cause arbitrary code execution

  • Description: A use after free issue was addressed with improved memory management.
  • CVE-2019-8578: Maxime Villard

Impact: A base station factory reset may not delete all user information

  • Description: The issue was addressed with improved data deletion.
  • CVE-2019-8575: joshua stein

Impact: An attacker in a privileged position may be able to perform a denial of service attack

  • Description: A denial of service issue was addressed with improved memory handling.
  • CVE-2019-7291: Maxime Villard

Impact: Source-routed IPv4 packets may be unexpectedly accepted

  • Description: Source-routed IPv4 packets were disabled by default.
  • CVE-2019-8580: Maxime Villard

Impact: A remote attacker may be able to cause arbitrary code execution

  • Description: A null pointer dereference was addressed with improved input validation.
  • CVE-2019-8572: Maxime Villard

Quelle

Apple-Support-Dokument zum Firmware-Release