April 9, 2007 4:48 PM PDT

Apple's AirPort Extreme can pose security risk

Apple on Monday released a software update that addresses a pair of security problems in the company's latest AirPort Extreme base station.

The update, available for download from Apple's Web site, tightens the default configuration of the AirPort Extreme Base Station with 802.11n, Apple said in a security alert. The update also fixes a security flaw that exposes file names on a password-protected disk attached to the device, Apple said.

The default configuration of the Apple base station allows incoming IPv6 connections. This may expose network services on hosts connected to the device to remote attackers, Apple said. IPv6 is the next version of the Internet Protocol designed to support a broader range of IP addresses as the IP version 4 addresses currently in use become scarce.

"This update addresses the issue by changing the default setting to limit inbound IPv6 traffic to the local network," the Mac maker said.

The second issue relates to AirPort Disk, a feature that allows network users to share storage space on a USB disk connected to the base station. AirPort Disk has a password protection feature, but that doesn't protect file names, Apple said.

"An issue in the AirPort Disk feature allows users on the local network to view file names--but not their contents--on a password-protected disk without providing a password," Apple said. The software update fixes that problem, the company said.

Both issues affect only the AirPort Extreme Base Station with 802.11n, a wireless router Apple introduced in January at Macworld in San Francisco. The software download, which updates the device's firmware, can be installed through the AirPort Utility.


36 comments

I thought Macs were secure
Well that bursts the bubble on Mac security. After I read this I traded my iMac in for a shiny new HP computer running Windows Vista Ultimate.
Posted by ewsachse (663 comments )
Mindless Troll Alert!
Please do not feed!
Posted by kelgraff (22 comments )
Right on...
That was awesome. Heh heh heh...
Posted by mhersh (78 comments )
Story is about the Airport Extreme, not Mac
Airports are just the hardware network interface and don't have to do with the Mac itself. The Mac is just as secure as it ever was- which is to say it's just as vulnerable as it ever was.

Apple found a problem with the device and released a patch. Why is this a problem? Microsoft does it frequently and people bite them for it. Can't Apple be applauded for being responsible too?
Posted by Vegaman_Dan (6683 comments )
Secure?
A device is only as secure as its user. The only secure computer is one left in the box and never used. The magical "Secure" OS or Computer will never be a reality. There are things that can be done to slow a would-be hacker. Don't save your passwords in your browsers. Don't keep tax or personal information on a computer.
Another way to look at it is: Encryption can be broken and so can that pane of glass that you call a window in your house.
Posted by Astinsan (132 comments )
They are! when you uh...
...patch the vulnerabilities. You know.. like every other computer out there?

Heh, in all seriousness, just goes to show that no computer is ever 'invincible'. Some may be better than others on average, but everybody needs to take precautions with security. Macs I believe are a false sense of security sometimes, although it's hard to argue that they're as vulnerable as Windows machines, generally speaking. But users need to constantly update everything in order to take advantage of that! The odd vulnerability still comes about every once in a while.
Posted by DraconumPB (229 comments )
C|Net = Apple Trolls
Nowhere else is a story about proactively patching security flaws
treated as a "security risk" story.

When Microsoft patches flaws, the headline is just that - "Microsoft
Patches Tons of Vulnerabilities".

It's the first time I've visited this site in months - and I've arrived to
see more of the inflammatory tripe that C|Net used to be famous
for.
Posted by Hep Cat (440 comments )
Well not quite...
They do the same to Microsoft:

"Windows Cursor Patch Causing Trouble"
"Cursor Flaw Gives Vista Security a Black Eye"
"Cursor Hole puts Windows PCs at Risk"
"Cybercrooks add Windows Flaw to arsenal"

Along with a few others that put MS in a negative light, as if they need help.
Posted by mbjr (64 comments )
Typical CNET
This Apple product can be hacked! Wait, it's already been fixed.

Morons.

Who writes this ****, Devorak?
Posted by mhersh (78 comments )
So
is the wireless that you already have but need to pay more to turn on? So you are paying for security risk?

Fix the problem.....get Vista and join the rest of the computing world:)
Posted by Lindy01 (443 comments )
No
"So is the wireless that you already have but need to pay more to
turn on?"

Nice try, but no. If you buy the Airport Extreme it comes with all
the software you need to enable "n" for free.

"So you are paying for security risk?"

No, you are not.

"Fix the problem.....get Vista and join the rest of the computing
world:)"

Fix the problem, yes. Get Vista, no. Have a nice day.
Posted by lesfilip (496 comments )
So, maybe I should secure my network?
Gee, I've got a new Airport Extreme. Does this mean that other people can actually connect to my wireless network? Maybe I should turn on WPA encryption, hide my SSID, and Software Update install the patch that came out a week or two ago.

Wait a minute. I secured my network with about two mouse clicks when I installed the new Airport Extreme! And Software Update runs automatically.

Guess anyone wanting to screw around will probably jump on to Leet-1, Linksys, Boobie Trap, DLink, or one of the other unsecured networks in my neighborhood. (Leet-01 has two XP machines, Linksys has an XP box, and what appears to be a W2K laptop, Boobie Trap is running Vista and has an XBox)

Thanks for the warning.
Posted by rcrusoe (1305 comments )
Proving once again.....
That security for a Mac is nothing but obscurity and lack of market share. None of the people around you would know how to attack your vulnerability because they have never and probably will never own a Mac.
It would be like moving to the south pole to avoid nuclear war.
Posted by Lindy01 (443 comments )
End use ignorance
All you've proven is that you know enough to secure your network. What you haven't done is to show that you care enough to help your neighbors out and would rather ignore the problem than do anything about it.

Good job! Just how deep are your fingers stuck in your ears again? Hello? Can you hear me? Helllllooooooo?
Posted by Vegaman_Dan (6683 comments )
Please keep your trolling elsewhere
What does this have to do with a Mac and the market share that the Mac has? This is about a wireless router, not a personal computing platform.
Posted by OscarWeb (76 comments )
Because it's Apple
People will live to post negative things about Apple, Microsoft, Linux, etc. How long will it be before someone tries to blame all of this on Microsoft? That's one of the common arguments and it has nothing to do with the story either.

Sometimes people don't want the five minute argument but instead are here for the whole hour.
Posted by Vegaman_Dan (6683 comments )