Apple's AirPort Extreme can pose security risk

By Joris Evers
Staff Writer, CNET News.com Published: April 9, 2007 4:48 PM PDT

Tools

Related Stories: Apple's 802.11n software now available
January 30, 2007; Apple to charge for faster Wi-Fi
January 18, 2007; Group to certify prestandard Wi-Fi gear
August 28, 2006

Apple on Monday released a software update that addresses a pair of security problems in the company's latest AirPort Extreme base station.

The update, available for download from Apple's Web site, tightens the default configuration of the AirPort Extreme Base Station with 802.11n, Apple said in a security alert. The update also fixes a security flaw that exposes file names on a password-protected disk attached to the device, Apple said.

The default configuration of the Apple base station allows incoming IPv6 connections. This may expose network services on hosts connected to the device to remote attackers, Apple said. IPv6 is the next version of the Internet Protocol designed to support a broader range of IP addresses as the IP version 4 addresses currently in use become scarce.

"This update addresses the issue by changing the default setting to limit inbound IPv6 traffic to the local network," the Mac maker said.

The second issue relates to AirPort Disk, a feature of which allows network users to share storage space on a USB disk connected to the base station. Airport Disk has a password protection feature, but that doesn't protect file names, Apple said.

"An issue in the AirPort Disk feature allows users on the local network to view file names--but not their contents--on a password-protected disk without providing a password," Apple said. The software update fixes that problem, the company said.

Both issues only affect the AirPort Extreme Base Station with 802.11n, a wireless router Apple introduced in January at Macworld in San Francisco. The software download, which updates the device's firmware, can be installed through the Airport Utility.

More from News.com on this story's topics: Mac OS
Create an email alert | RSS feed; Security
Create an email alert | RSS feed; Patches
RSS feed; Flaws
RSS feed; Apple
Create an email alert | RSS feed

See more CNET content tagged:
IPv6, Apple Computer, IEEE 802.11n, firmware, password

Add a Comment (Log in or register) 36 comments (Page 1 of 1)

I thought Macs were secure
by ewsachse April 9, 2007 5:35 PM PDT: Well that bursts the bubble on Mac security. After I read this I traded my iMac in for a shiny new HP computer running Windows Vista Ultimate.; Reply to this comment View all 6 replies
Processing

C|Net = Apple Trolls
by Hep Cat April 9, 2007 6:45 PM PDT: Nowhere else is a story about proactively patching security flaws
treated as a "security risk" story.

When Microsoft patches flaws, the headline is just that - "Microsoft
Patches Tons of Vulnerabilities".

It's the first time I've visited this site in months - and I've arrived to
see more of the inflammatory tripe that C|Net used to be famous
for.; Reply to this comment View reply
Processing

Typical CNET
by mhersh April 9, 2007 6:57 PM PDT: This Apple product can be hacked! Wait, it's already been fixed.

Morons.

Who writes this ****, Devorak?; Reply to this comment

So
by Lindy01 April 9, 2007 8:48 PM PDT: is the wireless that you already have but need to pay more to turn on? So you are paying for security risk?

Fix the problem.....get Vista and join the rest of the computing world:); Reply to this comment View reply
Processing

So, maybe I should secure my network?
by rcrusoe April 10, 2007 1:54 AM PDT: Gee, I've got a new Airport Extreme. Does this mean that other people can actually connect to my wireless network? Maybe I should turn on WPA encryption, hide my SSID, and Software Update install the patch that came out a week or two ago.

Wait a minute. I secured my network with about two mouse clicks when I installed the new Airport Extreme! And Software Update runs automatically.

Guess anyone wanting to screw around will probably jump on to Leet-1, Linksys, Boobie Trap, DLink, or one of the other unsecured networks in my neighborhood. (Leet-01 has two XP machines, Linksys has an XP box, and what appears to be a W2K laptop, Boobie Trap is running Vista and has an XBox)

Thanks for the warning.; Reply to this comment View all 2 replies
Processing

Please keep your trolling elsewhere
by OscarWeb April 10, 2007 8:28 AM PDT: What does this have to with a Mac and the market share that the Mac has? This is about a wireless router, not a personal computing platform.; Reply to this comment View all 2 replies
Processing

RSS Feeds: Add headlines from CNET News.com to your homepage or feedreader.; Google; Yahoo; MSN; More feeds available in our RSS feed index.

Latest tech news headlines

eBay to lower sellers' fixed-price fees
Posted in News - Digital Media by Steven Musil

August 19, 2008 11:00 PM PDT
Big Blue's latest big dollar bet on cloud computing
Posted in Coop's Corner by Charles Cooper

August 19, 2008 9:22 PM PDT
Salesforce broadens platform with call center buy
Posted in News - Business Tech by Mike Ricciuti

August 19, 2008 9:01 PM PDT

Most Popular Stories: FCC approval suggests November Android debut; Apple willing to replace any smoking first-gen iPod Nanos; Debate rages over free wireless spectrum; Palm leaks Treo Pro photos and videos; Judge lifts MIT students' card-hacking gag order

Markets: Apple (-1.06%) -1.86 173.53; Dow Jones Industrials (-1.14%) -130.84 11,348.55; S&P 500 (-0.93%) -11.91 1,266.69; NASDAQ (0.00%) 0.00 1,816.15; CNET TECH (-1.39%) -22.86 1,626.36

Welcome (log out) |View profile

On MovieTome: DiCaprio Vs. Crowe in BODY OF LIES!

Change your game with AT&T

Apple's AirPort Extreme can pose security risk

Mac OS

Security

Patches

Flaws

Apple

Report offensive content:

E-mail this comment to a friend.

Latest tech news headlines