Apple Patches ‘Critical’ AirPort Router Bug

Apple has published a patch for what it called a critical security bug in its AirPort and AirPort Extreme Wi-Fi routers, with security researchers recommending users install the update immediately.

Apple didn’t disclose any information about the bug, other than to state that it could allow a remote attacker to execute malicious code on a device. Routers can be a particularly attractive target for hackers, as a compromised router can expose an entire network and the compromise can be difficult to detect.

Memory corruption

The bug was caused by a memory corruption error in the firmware’s DNS data parsing, and was fixed through improved bounds checking, Apple said in an advisory.
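Apple published no details of the flaw, so the following is an added illustration (not Apple's code, and not a reconstruction of CVE-2015-7029) of the bounds checking a DNS reply parser needs when decoding names. The function name, the hop limit and the sample bytes are assumptions constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DNS_MAX_HOPS 16  /* assumed cap on compression pointers followed */
/* Constructed samples, not captured traffic. */
static const uint8_t MSG[] = { 3,'w','w','w', 7,'e','x','a','m','p','l','e',
    3,'c','o','m', 0,  3,'f','t','p', 0xC0, 0x04 };  /* name at 17 points back to 4 */
static const uint8_t TRUNC[] = { 3,'w','w','w', 60,'a','b' };  /* label claims 60 bytes */
static const uint8_t LOOP[] = { 0xC0, 0x00 };        /* pointer to itself */

/* Decode the name at msg[off] into out as dotted text. Returns its length,
 * or -1 if any read would leave msg or any write would leave out. */
int dns_read_name(const uint8_t *msg, size_t msg_len, size_t off,
                  char *out, size_t out_cap)
{
    size_t w = 0;                                  /* bytes written to out */
    int hops = 0;                                  /* pointers followed so far */
    for (;;) {
        if (off >= msg_len) return -1;             /* length byte must be in msg */
        size_t len = msg[off];
        if ((len & 0xC0) == 0xC0) {                /* compression pointer */
            if (off + 1 >= msg_len) return -1;     /* needs a second byte */
            if (++hops > DNS_MAX_HOPS) return -1;  /* breaks pointer loops */
            off = ((len & 0x3F) << 8) | msg[off + 1];
            continue;                              /* target re-checked above */
        }
        if (len & 0xC0) return -1;                 /* reserved label types */
        if (len == 0) break;                       /* root label ends the name */
        if (len > msg_len - off - 1) return -1;    /* label must lie inside msg */
        if (w + len + 2 > out_cap) return -1;      /* '.', label and NUL must fit */
        if (w) out[w++] = '.';
        memcpy(out + w, msg + off + 1, len);
        w += len;
        off += len + 1;
    }
    if (w >= out_cap) return -1;                   /* NUL must fit (empty name) */
    out[w] = '\0';
    return (int)w;
}

int main(void)
{
    char name[256];
    int n = dns_read_name(MSG, sizeof MSG, 17, name, sizeof name);
    printf("%d %s\n", n, n < 0 ? "(rejected)" : name);
    printf("%d\n", dns_read_name(TRUNC, sizeof TRUNC, 0, name, sizeof name));
    printf("%d\n", dns_read_name(LOOP, sizeof LOOP, 0, name, sizeof name));
    return 0;
}
```

Every length and offset taken from the reply is checked against the message size before it is used, and every write is checked against the output buffer, so a reply that lies about its own layout is rejected rather than parsed.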

The vulnerability has the designation CVE-2015-7029, but the Common Vulnerabilities and Exposures (CVE) database states only that the bug was reported more than nine months ago.

Firmware updates 7.6.7 and 7.7.7 are available for AirPort Express, AirPort Extreme and AirPort Time Capsule base stations with 802.11n and AirPort Extreme and AirPort Time Capsule base stations with 802.11ac, Apple said.

Given the severity attributed to the bug by Apple, computer security researchers said the issue is likely to be exploitable via malformed DNS replies sent to an AirPort router.

“We think (that is) probably the sort of bug that Apple is talking about here,” said Sophos researcher Paul Ducklin. “You almost always want your router to perform requests to the outside as part of the service it provides to your internal network, so most routers are set up to work this way.”

Automatic infection

He said such a vulnerability could be exploited using a booby-trapped DNS server by sending the target some content, such as a web page, containing a reference to the malicious domain.

The target router’s query would be sent by the global DNS system to the malicious domain, which would send a reply formed in such a way as to exploit the bug, thus potentially compromising the entire network, Ducklin said.

“Remote code execution bugs are always worth fixing, especially if they can be triggered by apparently innocent and unexceptional network activity that happens automatically, without users needing to click through any warning dialogs,” he wrote.

The updates for standard AirPort, AirPort Extreme and AirPort Time Capsule devices are available from Apple’s website.

Router danger

Last year researchers discovered an attack successfully carried out in the wild that involved taking over a Cisco router and replacing its entire operating system, effectively granting unrestricted access to the network.

The attack, which involves replacing the operating system image embedded in the router’s firmware with a modified version that grants control to an attacker, was previously believed to be “theoretical in nature and especially in use”, according to FireEye’s Mandiant unit, which discovered the malicious system images.

FireEye said it found at least 14 such router implants, using a firmware modification it called “SYNful Knock”, spread across the Ukraine, the Philippines, Mexico and India, but said at the time it was likely that there were more compromised routers that remained undiscovered.

Matthew Broersma

Matt Broersma is a long-standing tech freelance who has worked for Ziff-Davis, ZDNet and other leading publications.