Apple patches 802.11n Airports

Security fix covers two holes in base station's software

A new security update from Apple addresses two flaws in the company's Airport Extreme wireless hubs.

The patch only affects the latest 802.11n base stations. 802.11n-equipped notebooks, desktops, and earlier model Airport base stations are not affected.

The more serious of the two vulnerabilities could allow a hacker to access a network and carry out remote attacks. By default, some systems were not configured to block incoming IPv6 traffic, allowing for unsolicited connections to be made without the user's knowledge.

The second of the two vulnerabilities lies within the Airport disk component. This allows for a USB storage device to be connected to the base station and added to the wireless network. If exploited, the vulnerability could allow an attacker to view filenames on the USB disk. The attacker would not, however, be able to open any files or applications.

Macintosh wireless networking components has been the subject of several vulnerability reports in recent months. Last August, a pair of researchers demonstrated an attack on a MacBook Pro using a 3rd-party networking card. In November, security researcher HD Moore revealed an exploit that targeted older Macs. Apple patched Airport-specific vulnerabilities in September and November.

The latest Airport update can be downloaded from Apple's support site.