• On GameSpot: Want a Command & Conquer 4 beta key?
advertisementGet Smart about Business Spending
March 20, 2008 9:23 AM PDT

Security fix released for Apple AirPort Extreme Base Station

by Robert Vamosi
  • Font size
  • Print
  • 2 comments

Apple released on Wednesday a security update for the AirPort Extreme Base Station with 802.11n.

The Firmware 7.3.1 update addresses the Apple Filing Protocol (AFP) vulnerability detailed in CVE-2008-1012.

Apple said there is an input validation issue in the way AirPort Extreme Base Station validates AFP requests. A maliciously crafted AFP request may cause file sharing to become unresponsive. This issue does not affect Time Capsule or AirPort Express.

The update for the Fast Ethernet version of Airport Extreme and the Gigabit Ethernet editions is available on from Apple support. Earlier this week Apple released an update for its Safari browser, along with an ominbus security update for Mac OS X.

Apple credits Alex deVries for reporting the AFP vulnerability.

As CNET's resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security. Listen to his podcast at securitybites.cnet.com or e-mail Robert with your questions and comments.
Topics:

Security

Tags:

Security,

Apple,

Airport Extreme,

AFP

Share:
Digg
Del.icio.us
Reddit
advertisement
Click here!
Recent posts from Defense in Depth
Window Snyder to leave Mozilla
How to handle ID fraud's youngest victims
Is white listing going mainstream?
How Live OneCare changed the antivirus landscape
Express Scripts clients threatened with extortion
Study: DDoS attacks threaten ISP infrastructure
Security expert talks Russian gangs, botnets
Extortion used in Express Scripts database breach
Related
Apple Time Capsule, Airport Extreme receive small (possibly significant) upgrades
Apple releases OS X 10.6.2 and Security Update 2009-006
Microsoft patching zero-day Windows 7 SMB hole
Apple updates Safari for security
Apple fixes AirPort problems marring video playback on 27-inch iMacs
Microsoft patches critical hole in Windows kernel
Expert says Adobe Flash policy is risky
Apple plugs holes for domain spoofing, other attacks
Add a Comment (Log in or register)
Update
by jelloburn March 20, 2008 11:00 AM PDT
I know Apple released a new update that enables a USB HDD
plugged into an Airport Extreme being usable as a Time Machine
drive and that was released through software update. Is this the
same one?

If it is, this is the most biased reporting I have ever read.
Reply to this comment
yeah, that's it
by Dalkorian March 21, 2008 10:03 AM PDT
http://www.macworld.com/article/132613/2008/03/airporttime.h
tml

It would be fair to mention that the update mentioned the security
improvements, but seemed to ignore the functionality
improvement. It may not necessarily be Robert's fault.
advertisement

A CNET Conversation with Eric Schmidt

CNET's Tom Krazit and Molly Wood sit down with Google CEO Eric Schmidt to discuss the future of Android, the Chrome OS, the problem of real-time search indexing, and more.

Verizon tests sending RIAA copyright notices

The No. 2 phone company, known for its reluctance to intervene in antipiracy cases, strikes an agreement to forward copyright notices on behalf of the music industry.

About Defense in Depth

Covering computer viruses and computer crime, Robert Vamosi goes beyond the hype to provide you with expert interviews of the top security researchers, as well as offering the hands-on, nontechnical advice you'll need to stay safe online.

Add this feed to your online news reader

Defense in Depth topics

advertisement
advertisement

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
Dell
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET