Firmware Update für Airport Extreme & Time Capsule

• Released May 30, 2019
• Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac

Impact: A remote attacker may be able to leak memory

• Description: An out-of-bounds read was addressed with improved input validation.
• CVE-2019-8581: Lucio Albornoz

Impact: A remote attacker may be able to cause a system denial of service

• Description: A null pointer dereference was addressed with improved input validation.
• CVE-2019-8588: Vince Cali (@0x56)

Impact: A remote attacker may be able to cause a system denial of service

• Description: A denial of service issue was addressed with improved validation.
• CVE-2018-6918: Maxime Villard

Impact: A remote attacker may be able to cause arbitrary code execution

• Description: A use after free issue was addressed with improved memory management.
• CVE-2019-8578: Maxime Villard

Impact: A base station factory reset may not delete all user information

• Description: The issue was addressed with improved data deletion.
• CVE-2019-8575: joshua stein

Impact: An attacker in a privileged position may be able to perform a denial of service attack

• Description: A denial of service issue was addressed with improved memory handling.
• CVE-2019-7291: Maxime Villard

Impact: Source-routed IPv4 packets may be unexpectedly accepted

• Description: Source-routed IPv4 packets were disabled by default.
• CVE-2019-8580: Maxime Villard

Impact: A remote attacker may be able to cause arbitrary code execution

• Description: A null pointer dereference was addressed with improved input validation.
• CVE-2019-8572: Maxime Villard

Quelle

Apple-Support-Dokument zum Firmware-Release