Apple has released new firmware updates for its AirPort Express, AirPort Extreme, and AirPort Time Capsule. The update 7.7.9 is for 802.11ac base stations; 7.6.9 is available for 802.11n base stations. You can manually update your AirPort devices opening the AirPort Utility on macOS or iOS. Just select your AirPort device and click Update.
After over two months, today's updates finally bring fixes to several security issues, including the devastating KRACK vulnerabilities. KRACK can allow attackers to exploit WPA2 protocol to decrypt network traffic and essentially read everything, including passwords. More details about KRACK and Broadpwn are available in our earlier posts.
AirPort Base Station Firmware Update 7.6.9 and 7.7.9
Apple has now released the security notes for today's releases. Here's everything that has been addressed with today's security updates.
AirPort Base Station Firmware
Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac
Impact: An attacker in Wi-Fi range may force nonce reuse in WPA unicast/PTK clients (Key Reinstallation Attacks - KRACK)
Description: A logic issue existed in the handling of state transitions. This was addressed with improved state management.
CVE-2017-13077: Mathy Vanhoef of the imec-DistriNet group at KU Leuven
CVE-2017-13078: Mathy Vanhoef of the imec-DistriNet group at KU Leuven
AirPort Base Station Firmware
Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac
Impact: An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks - KRACK)
Description: A logic issue existed in the handling of state transitions. This was addressed with improved state management.
CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven
AirPort Base Station Firmware Update 7.7.9 fixes one additional security bug:
AirPort Base Station Firmware
Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac
Impact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-9417: Nitay Artenstein of Exodus Intelligence
About the author: Rafia joined Wccftech in 2012 as a tech reporter. She is currently working on stories focusing on people and technologies that are turning Microsoft into a “company to watch” again. She is also responsible for collaborating with tech makers and e-commerce platforms to bring annoying but tempting deals to our readers.
Follow Wccftech on Google to get more of our news coverage in your feeds.
