About the security content of Time Capsule and AirPort Base Station (802.11n*) Firmware 7.4.1

This document describes the security content of Time Capsule and AirPort Base Station (802.11n*) Firmware 7.4.1.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other Security Updates, see "Apple Security Updates."

Time Capsule and AirPort Base Station (802.11n*) Firmware 7.4.1

  • CVE-ID: CVE-2008-2476

    Available for: AirPort Extreme Base Station with 802.11n*, AirPort Express Base Station with 802.11n*, Time Capsule

    Impact: A remote user may be able to cause a denial of service attack, observe private network traffic, or inject forged packets

    Description: The IPv6 Neighbor Discovery Protocol implementation does not validate the origin of Neighbor Discovery messages. By sending a maliciously crafted message, a remote user may cause a denial of service, observe private network traffic, or inject forged packets. This update addresses the issue by performing additional validation of Neighbor Discovery messages.

  • CVE-ID: CVE-2008-3584

    Available for: AirPort Extreme Base Station with 802.11n*, AirPort Express Base Station with 802.11n*, Time Capsule

    Impact: A user on the local network may be able to cause an unexpected device shutdown

    Description: An out-of-bounds memory access issue exists in the handling of PPPoE discovery packets. By sending a maliciously crafted PPPoE discovery packet, a remote user may be able to cause an unexpected device shutdown. This update addresses the issue through improved bounds checking.

  • CVE-ID: CVE-2008-3530

    Available for: AirPort Extreme Base Station with 802.11n*, AirPort Express Base Station with 802.11n*, Time Capsule

    Impact: A remote user may be able to cause an unexpected device shutdown

    Description: When IPv6 support is enabled, IPv6 nodes use ICMPv6 to report errors encountered while processing packets. An implementation issue in the handling of incoming ICMPv6 "Packet Too Big" messages may cause an unexpected device shutdown. This update addresses the issue through improved handling of ICMPv6 messages.

Installation note for firmware version 7.4.1

Firmware version 7.4.1 is installed into Time Capsule or AirPort Base Station with 802.11n* via AirPort Utility, provided with the device.

AirPort Utility 5.4.1 or later should be installed before upgrading to firmware version 7.4.1. AirPort Utility 5.4.1 or later may be obtained through the Apple Support Downloads site: http://www.apple.com/support/downloads/

(*) Based on an IEEE 802.11n draft specification.

Important: Information about products not manufactured by Apple is provided for information purposes only and does not constitute Apple’s recommendation or endorsement. Please contact the vendor for additional information.

Published Date: