Apple Releases AirPort Extreme and Time Capsule Firmware Update 7.7.3 With Heartbleed Fix

[RMo]

What about people using the guest network feature, e.g. small shop owners?

Well, this only affects Back to My Mac. If that is disabled, this won't matter; if it is enabled, Macworld reports that the worst that could happen is someone gaining access to the computer's or router's logon screen. The Heartbleed-esque "leak" of passwords doesn't seem to be a possibility, but even if it were, I suspect the fact that the guest network is a separate vLAN would help immensely (although maybe that would really only protect the clients from one another...).

Totally agree. We did not know that this model was affected until the fix was released. Suspect, we wont know if the older model is affected until the fix is released. As for those saying that the affected version of OpenSSL was not around when the older models were released. The OpenSSL version with the problem has been around for two years.

I don't know: Apple says, "this vulnerability only impacts recent Airport devices that have the Back to My Mac feature enabled. Customers with previous generation AirPort Extreme and AirPort Time Capsules do not need to update their base stations." While the second sentence alone could be consistent with what you said (in that they could mean "...at this time"), the first seems to indicate that Apple doesn't think it is affected by this problem.

As for the OpenSSL version, the fact that it was released before Apple released a product doesn't mean anything. They aren't obligated to use 1.0.1 just because it was released; OpenSSL is still providing updates for 1.0.0 and 0.9.8, the latter of which I believe Apple was still using in products that did use OpenSSL but are not affected. I don't think Apple has been very clear that this vulnerability is, in fact, Heartbleed, but if it is, it isn't too unreasonable to assume that they would not be affected for this reason.

 

[teknikal90]

OS X, iOS, and Airport Time Capsule all updated!

went home, updated mac os x
downloaded ios update and once done, started the time capsule update
once ios update finished, time capsule update did too.
all in all took about 10 minutes.

up to date yay

 

[SmileyBlast!]

Thanks for the news about this update MacRumors!

 

[AriX]

Airport doesn't ship with OS X or iOS. The OS is http://en.wikipedia.org/wiki/VxWorks and outsourced. I do believe that they should have fixed the issue faster but it should be because they should include iOS with Airport and have complete control and not because they "don't read the news'.

Actually Apple's AirPort base stations all run NetBSD. Only older AirPort devices ran VxWorks. The Extreme and Time Capsule are ARM-based, whereas the AirPort Express uses a MIPS processor.

See http://theairportwiki.com

 

[mfvisuals]

Did you read the article?

Only AirPort Extreme and AirPort Time Capsule base stations with 802.11ac are affected, and only if they have Back to My Mac or Send Diagnostics enabled. Other AirPort base stations are not impacted by this issue.

LOL, I noticed after you posted this that several more people asked the same question again. I'm starting to see a major reading comprehension issue with MacRumors forum commenters recently.

I can't decide if this concerns or amuses me...

 

[MagnusVonMagnum]

Gee, I thought Apple claimed that NONE of their products or services were affected by Heartbleed just a week or so ago....

I can't help but wonder about the security update for Mavericks I just installed and whether that unaffected non-issue was one of the fixes they don't bother to explain.

 

[steve123]

About midnight last night I noticed all of my airports and time capsules started blinking yellow. When I looked, there is a generic message that the AppleID is not valid.

I reentered the password on one of the airport express units and it seemed to authenticate but then started blinking yellow again a short while later.

Is this related?

I also noticed that I no longer have BTMM access to my remote machines from any of my macs. So, this issues appears to be affecting more than just my airports.

 

[10smom]

No option to update

Went to airport utility and clicked on version for time capsule and says it is 7.6.3 . There is no option to update to 7.7.3 How do I override and force the update?

 

[kolax]

I think it took Apple far too long to fix this.

I work in IT, and we patched our work servers with the fix right away and we didn't care if it broke some functionality with our hosted websites/services, because security > functionality.

Sure, Apple wants to make sure they don't break things by implementing the bug fix, but they clearly had priorities with newer versions of iOS and OS X rather than security or they would've had this out a lot sooner.

I use Tomato builds for my routers, and the distros there were patched very quickly. I can't see what Apple would need to do that would take so long to fix this other than considering it low priority.

 

[maflynn]

[MOD NOTE]
Stop the bickering and get back on topic.

 

[jnlauderdale]

[url=http://cdn.macrumors.com/im/macrumorsthreadlogodarkd.png]Image[/url]

Image​

Apple today released AirPort Extreme and AirPort Time Capsule Firmware Update 7.7.3 for AirPorts with 802.11ac. The update includes security improvements related to SSL/TLS.
Earlier this month, an OpenSSL bug known as Heartbleed made headlines, with Apple releasing a statement noting that iOS, OS X, and its "key web services" were unaffected by the security flaw, but it appears that the company's AirPort Extreme and AirPort Time Capsule were vulnerable.

The 7.7.3 update is recommended for all models of the AirPort Extreme and Time Capsule that support 802.11ac Wi-Fi, other AirPort base stations do not need to be updated.

Article Link: Apple Releases AirPort Extreme and Time Capsule Firmware Update 7.7.3 With Heartbleed Fix

My router qualifies, but I download so much to this machine that I don't recall if I downloaded this particular fix. Was it an automatic download? How would I know? It's not listed in any download file and it doesn't show up on the screen that shows the last 90 days of downloads; when I go to the Support page for the download there is no hyperllnk activated in the window reserved for the fix, only a description.

 

[gc916]

My router qualifies, but I download so much to this machine that I don't recall if I downloaded this particular fix. Was it an automatic download? How would I know?

Open AirPort Utility and click on the icon for your AE. The currently installed firmware version will be displayed, as shown on the attached screenshot.

If an update is needed, you should also see a red circle beside your AE icon in Airport Utility.

 

[jnlauderdale]

Thanks for your help.

 

[myname70]

.