Apple hat heute Sicherheitsupdates für seine Router AirPort Extreme und Time Capsule, welche den WiFi-Standard 802.11ac unterstützen, veröffentlicht. Auch wenn sich diese Geräte schon einige Zeit nicht mehr im Verkauf befinden, ist es erfreulich, dass Apple sich noch um diese kümmert. Mit diesem Update werden einige Sicherheitslücken geschlossen, ein zeitnahes Update wird daher empfohlen.
Details
AirPort Base Station Firmware Update 7.9.1
- Released May 30, 2019
- Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac
Impact: A remote attacker may be able to leak memory
- Description: An out-of-bounds read was addressed with improved input validation.
- CVE-2019-8581: Lucio Albornoz
Impact: A remote attacker may be able to cause a system denial of service
- Description: A null pointer dereference was addressed with improved input validation.
- CVE-2019-8588: Vince Cali (@0x56)
Impact: A remote attacker may be able to cause a system denial of service
- Description: A denial of service issue was addressed with improved validation.
- CVE-2018-6918: Maxime Villard
Impact: A remote attacker may be able to cause arbitrary code execution
- Description: A use after free issue was addressed with improved memory management.
- CVE-2019-8578: Maxime Villard
Impact: A base station factory reset may not delete all user information
- Description: The issue was addressed with improved data deletion.
- CVE-2019-8575: joshua stein
Impact: An attacker in a privileged position may be able to perform a denial of service attack
- Description: A denial of service issue was addressed with improved memory handling.
- CVE-2019-7291: Maxime Villard
Impact: Source-routed IPv4 packets may be unexpectedly accepted
- Description: Source-routed IPv4 packets were disabled by default.
- CVE-2019-8580: Maxime Villard
Impact: A remote attacker may be able to cause arbitrary code execution
- Description: A null pointer dereference was addressed with improved input validation.
- CVE-2019-8572: Maxime Villard
Quelle
Apple-Support-Dokument zum Firmware-Release