Version: 2008

April 9, 2007 4:48 PM PDT

Apple's AirPort Extreme can pose security risk

By Joris Evers
Staff Writer, CNET News

  • 36 comments
Related Stories

Apple's 802.11n software now available

 January 30, 2007

Apple to charge for faster Wi-Fi

 January 18, 2007

Group to certify prestandard Wi-Fi gear

 August 28, 2006
Apple on Monday released a software update that addresses a pair of security problems in the company's latest AirPort Extreme base station.

The update, available for download from Apple's Web site, tightens the default configuration of the AirPort Extreme Base Station with 802.11n, Apple said in a security alert. The update also fixes a security flaw that exposes file names on a password-protected disk attached to the device, Apple said.

The default configuration of the Apple base station allows incoming IPv6 connections. This may expose network services on hosts connected to the device to remote attackers, Apple said. IPv6 is the next version of the Internet Protocol designed to support a broader range of IP addresses as the IP version 4 addresses currently in use become scarce.

"This update addresses the issue by changing the default setting to limit inbound IPv6 traffic to the local network," the Mac maker said.

The second issue relates to AirPort Disk, a feature of which allows network users to share storage space on a USB disk connected to the base station. Airport Disk has a password protection feature, but that doesn't protect file names, Apple said.

"An issue in the AirPort Disk feature allows users on the local network to view file names--but not their contents--on a password-protected disk without providing a password," Apple said. The software update fixes that problem, the company said.

Both issues only affect the AirPort Extreme Base Station with 802.11n, a wireless router Apple introduced in January at Macworld in San Francisco. The software download, which updates the device's firmware, can be installed through the Airport Utility.

See more CNET content tagged:
IPv6, Apple Computer, IEEE 802.11n, password, IP

Add a Comment (Log in or register) (36 Comments)
  • prev
  • 1
  • next
I thought Macs were secure
by ewsachse April 9, 2007 5:35 PM PDT
Well that bursts the bubble on Mac security. After I read this I traded my iMac in for a shiny new HP computer running Windows Vista Ultimate.
Reply to this comment
Mindless Troll Alert!
by kelgraff April 9, 2007 6:10 PM PDT
Please do not feed!
View all 2 replies
Right on...
by mhersh April 9, 2007 7:00 PM PDT
That was awesome. Heh heh heh...
Story is about the Airport Extreme, not Mac
by Vegaman_Dan April 10, 2007 8:19 AM PDT
Airports are just the hardware network interface and don't have to do with the Mac itself. The Mac is just as secure as it ever was- which is to say it's just as vulnerable as it ever was.

Apple found a problem with the device and released a patch. Why is this a problem? Microsoft does it frequently and people bite them for it. Can't Apple be applauded for being responsible too?
View reply
Story is about the Airport Extreme, not Mac
by Vegaman_Dan April 10, 2007 8:19 AM PDT
Airports are just the hardware network interface and don't have to do with the Mac itself. The Mac is just as secure as it ever was- which is to say it's just as vulnerable as it ever was.

Apple found a problem with the device and released a patch. Why is this a problem? Microsoft does it frequently and people bite them for it. Can't Apple be applauded for being responsible too?
Secure?
by Astinsan April 10, 2007 11:09 AM PDT
A device is only as secure as its user. The only secure computer is one left in the box and never used. The magical "Secure" OS or Computer will never be a reality. There are things that can be done to slow a would be hacker. Don't save your passwords in your browsers. Don't Keep Tax or personal information on a computer.
Another way to look at it is: Encryption can be broken and so can that pane of glass that you call a window in your house.
They are! when you uh...
by DraconumPB April 12, 2007 1:20 PM PDT
...patch the vulnerabilities. You know.. like every other computer out there?

Heh, in all seriousness, just goes to show that no computer is ever 'invicible'. Some may be better than others on average, but everybody needs to take percautions with security. Macs I believe are a false sense of security sometimes, although it's hard to argue that they're as vulnerable as Windows machines, generally speaking. But users need to constantly update everything in order to take advantage of that! The odd vulnerability still comes about every once in awhile.
C|Net = Apple Trolls
by Hep Cat April 9, 2007 6:45 PM PDT
Nowhere else is a story about proactively patching security flaws
treated as a "security risk" story.

When Microsoft patches flaws, the headline is just that - "Microsoft
Patches Tons of Vulnerabilities".

It's the first time I've visited this site in months - and I've arrived to
see more of the inflammatory tripe that C|Net used to be famous
for.
Reply to this comment
Well not quite...
by mbjr April 10, 2007 6:07 AM PDT
They do the same to Microsoft:

"Windows Cursor Patch Causing Trouble"
"Cursor Flaw Gives Vista Security a Black Eye"
"Cursor Hole puts Windows PCs at Risk"
"Cybercrooks add Windows Flaw to arsenal"

Along with a few others that put MS in a negative light, as if they need help.
View all 2 replies
Typical CNET
by mhersh April 9, 2007 6:57 PM PDT
This Apple product can be hacked! Wait, it's already been fixed.

Morons.

Who writes this ****, Devorak?
Reply to this comment
So
by Lindy01 April 9, 2007 8:48 PM PDT
is the wireless that you already have but need to pay more to turn on? So you are paying for security risk?

Fix the problem.....get Vista and join the rest of the computing world:)
Reply to this comment
No
by lesfilip April 9, 2007 9:27 PM PDT
"So is the wireless that you already have but need to pay more to
turn on?"

Nice try, but no. If you buy the Airport Extreme it comes with all
the software you need to enable "n" for free.

"So you are paying for security risk?"

No, you are not.

"Fix the problem.....get Vista and join the rest of the computing
world:)"

Fix the problem, yes. Get Vista, no. Have a nice day.
View all 2 replies
So, maybe I should secure my network?
by rcrusoe April 10, 2007 1:54 AM PDT
Gee, I've got a new Airport Extreme. Does this mean that other people can actually connect to my wireless network? Maybe I should turn on WPA encryption, hide my SSID, and Software Update install the patch that came out a week or two ago.

Wait a minute. I secured my network with about two mouse clicks when I installed the new Airport Extreme! And Software Update runs automatically.

Guess anyone wanting to screw around will probably jump on to Leet-1, Linksys, Boobie Trap, DLink, or one of the other unsecured networks in my neighborhood. (Leet-01 has two XP machines, Linksys has an XP box, and what appears to be a W2K laptop, Boobie Trap is running Vista and has an XBox)

Thanks for the warning.
Reply to this comment
Proving once again.....
by Lindy01 April 10, 2007 3:17 AM PDT
That security for a Mac is nothing but obscurity and lack of market share. None of the people around you would know how to attack your vulnerability because they have never and probably will never own a Mac.
It would be like moving to the south pole to avoid nuclear war.
View reply
End use ignorance
by Vegaman_Dan April 10, 2007 8:25 AM PDT
All you've proven is that you know enough to secure your network. What you haven't done is to show that you care enough to help your neighbors out and would rather ignore the problem than do anything about it.

Good job! Just how deep are your fingers stuck in your ears again? Hello? Can you hear me? Helllllooooooo?
View reply
Please keep your trolling elsewhere
by OscarWeb April 10, 2007 8:28 AM PDT
What does this have to with a Mac and the market share that the Mac has? This is about a wireless router, not a personal computing platform.
Reply to this comment
Because it's Apple
by Vegaman_Dan April 10, 2007 9:50 AM PDT
People will live to post negative things about Apple, Microsoft, Linux, etc. How long will it be before someone tries to blame all of this on Microsoft? That's one of the common arguments and it has nothing to do with the story either.

Sometimes people don't want the five minute argument but instead are here for the whole hour.
Because it's Apple
by Vegaman_Dan April 10, 2007 9:50 AM PDT
People will live to post negative things about Apple, Microsoft, Linux, etc. How long will it be before someone tries to blame all of this on Microsoft? That's one of the common arguments and it has nothing to do with the story either.

Sometimes people don't want the five minute argument but instead are here for the whole hour.
View reply
(36 Comments)
  • prev
  • 1
  • next
advertisement

Latest tech news headlines

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Markets

Market news, charts, SEC filings, and more

Related quotes

Apple (0.00%) 0.00 210.73
Dow Jones Industrials (0.00%) 0.00 10,428.05
S&P 500 (0.00%) 0.00 1,115.10
NASDAQ (0.00%) 0.00 2,269.15
CNET TECH (0.00%) 0.00 1,646.41
  Symbol Lookup
advertisement

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
CES 2010
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET