Apple's AirPort Extreme can pose security risk

Apple on Monday released a software update that addresses a pair of security problems in the company's latest AirPort Extreme base station.

The update, available for download from Apple's Web site, tightens the default configuration of the AirPort Extreme Base Station with 802.11n, Apple said in a security alert. The update also fixes a security flaw that exposes file names on a password-protected disk attached to the device, Apple said.

The default configuration of the Apple base station allows incoming IPv6 connections. This may expose network services on hosts connected to the device to remote attackers, Apple said. IPv6 is the next version of the Internet Protocol designed to support a broader range of IP addresses as the IP version 4 addresses currently in use become scarce.

"This update addresses the issue by changing the default setting to limit inbound IPv6 traffic to the local network," the Mac maker said.

The second issue relates to AirPort Disk, a feature of which allows network users to share storage space on a USB disk connected to the base station. Airport Disk has a password protection feature, but that doesn't protect file names, Apple said.

"An issue in the AirPort Disk feature allows users on the local network to view file names--but not their contents--on a password-protected disk without providing a password," Apple said. The software update fixes that problem, the company said.

Both issues only affect the AirPort Extreme Base Station with 802.11n, a wireless router Apple introduced in January at Macworld in San Francisco. The software download, which updates the device's firmware, can be installed through the Airport Utility.

[ewsachse]

I thought Macs were secure

Well that bursts the bubble on Mac security. After I read this I traded my iMac in for a shiny new HP computer running Windows Vista Ultimate.

[kelgraff]

Mindless Troll Alert!

Please do not feed!

[mhersh]

Right on...

That was awesome. Heh heh heh...

[Vegaman_Dan]

Story is about the Airport Extreme, not Mac

Airports are just the hardware network interface and don't have to do with the Mac itself. The Mac is just as secure as it ever was- which is to say it's just as vulnerable as it ever was.

Apple found a problem with the device and released a patch. Why is this a problem? Microsoft does it frequently and people bite them for it. Can't Apple be applauded for being responsible too?

[Vegaman_Dan]

Story is about the Airport Extreme, not Mac

Airports are just the hardware network interface and don't have to do with the Mac itself. The Mac is just as secure as it ever was- which is to say it's just as vulnerable as it ever was.

Apple found a problem with the device and released a patch. Why is this a problem? Microsoft does it frequently and people bite them for it. Can't Apple be applauded for being responsible too?

[Astinsan]

Secure?

A device is only as secure as its user. The only secure computer is one left in the box and never used. The magical "Secure" OS or Computer will never be a reality. There are things that can be done to slow a would be hacker. Don't save your passwords in your browsers. Don't Keep Tax or personal information on a computer.
Another way to look at it is: Encryption can be broken and so can that pane of glass that you call a window in your house.

[DraconumPB]

They are! when you uh...

...patch the vulnerabilities. You know.. like every other computer out there?

Heh, in all seriousness, just goes to show that no computer is ever 'invicible'. Some may be better than others on average, but everybody needs to take percautions with security. Macs I believe are a false sense of security sometimes, although it's hard to argue that they're as vulnerable as Windows machines, generally speaking. But users need to constantly update everything in order to take advantage of that! The odd vulnerability still comes about every once in awhile.

[Hep Cat]

C|Net = Apple Trolls

Nowhere else is a story about proactively patching security flaws
treated as a "security risk" story.

When Microsoft patches flaws, the headline is just that - "Microsoft
Patches Tons of Vulnerabilities".

It's the first time I've visited this site in months - and I've arrived to
see more of the inflammatory tripe that C|Net used to be famous
for.

[mbjr]

Well not quite...

They do the same to Microsoft:

"Windows Cursor Patch Causing Trouble"
"Cursor Flaw Gives Vista Security a Black Eye"
"Cursor Hole puts Windows PCs at Risk"
"Cybercrooks add Windows Flaw to arsenal"

Along with a few others that put MS in a negative light, as if they need help.

[mhersh]

Typical CNET

This Apple product can be hacked! Wait, it's already been fixed.

Morons.

Who writes this ****, Devorak?

[Lindy01]

So

is the wireless that you already have but need to pay more to turn on? So you are paying for security risk?

Fix the problem.....get Vista and join the rest of the computing world:)

[lesfilip]

No

"So is the wireless that you already have but need to pay more to
turn on?"

Nice try, but no. If you buy the Airport Extreme it comes with all
the software you need to enable "n" for free.

"So you are paying for security risk?"

No, you are not.

"Fix the problem.....get Vista and join the rest of the computing
world:)"

Fix the problem, yes. Get Vista, no. Have a nice day.

[rcrusoe]

So, maybe I should secure my network?

Gee, I've got a new Airport Extreme. Does this mean that other people can actually connect to my wireless network? Maybe I should turn on WPA encryption, hide my SSID, and Software Update install the patch that came out a week or two ago.

Wait a minute. I secured my network with about two mouse clicks when I installed the new Airport Extreme! And Software Update runs automatically.

Guess anyone wanting to screw around will probably jump on to Leet-1, Linksys, Boobie Trap, DLink, or one of the other unsecured networks in my neighborhood. (Leet-01 has two XP machines, Linksys has an XP box, and what appears to be a W2K laptop, Boobie Trap is running Vista and has an XBox)

Thanks for the warning.

[Lindy01]

Proving once again.....

That security for a Mac is nothing but obscurity and lack of market share. None of the people around you would know how to attack your vulnerability because they have never and probably will never own a Mac.
It would be like moving to the south pole to avoid nuclear war.

[Vegaman_Dan]

End use ignorance

All you've proven is that you know enough to secure your network. What you haven't done is to show that you care enough to help your neighbors out and would rather ignore the problem than do anything about it.

Good job! Just how deep are your fingers stuck in your ears again? Hello? Can you hear me? Helllllooooooo?

[OscarWeb]

Please keep your trolling elsewhere

What does this have to with a Mac and the market share that the Mac has? This is about a wireless router, not a personal computing platform.

[Vegaman_Dan]

Because it's Apple

People will live to post negative things about Apple, Microsoft, Linux, etc. How long will it be before someone tries to blame all of this on Microsoft? That's one of the common arguments and it has nothing to do with the story either.

Sometimes people don't want the five minute argument but instead are here for the whole hour.

[Vegaman_Dan]

Because it's Apple

People will live to post negative things about Apple, Microsoft, Linux, etc. How long will it be before someone tries to blame all of this on Microsoft? That's one of the common arguments and it has nothing to do with the story either.

Sometimes people don't want the five minute argument but instead are here for the whole hour.