Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

Apple Patches RCE Flaw in AirPort Routers

Apple has released firmware updates for its AirPort routers to address a remote code execution (RCE) vulnerability.

Apple has released firmware updates for its AirPort routers to address a remote code execution (RCE) vulnerability.

The flaw, tracked as CVE-2015-7029, appears to have been reported to the company last year by Alexandre Helie. In its advisory, Apple only revealed that the issue is a memory corruption related to DNS data parsing that allows a remote attacker to execute arbitrary code.

Paul Ducklin, senior security advisor at Sophos, believes there are two methods that can be used to exploit these types of vulnerabilities in order to take control of an AirPort router.

“The first way is by feeding malformed DNS requests to an AirPort that is set up to reply to queries from the internet. The second is by feeding malformed replies to an AirPort that makes outbound DNS requests on behalf of the devices on its internal network,” Ducklin explained. “The latter is obviously a much more serious flaw, and we think it’s probably the sort of bug that Apple is talking about here.”Apple Airport vulnerability patched

According to the expert, these types of vulnerabilities are not difficult to exploit. An attacker needs to register a domain, set up a malicious DNS server to answer queries about that domain, and send the targeted user a link to a webpage containing content apparently hosted on the attack domain.

“All that matters is that some device on the target network should decide to ask an unpatched AirPort router, ‘Where do I find example.org?’,” Ducklin explained. “The router will then pass this question on to the global DNS network, which will answer by referring the router to your own, booby-trapped DNS server, assuming that’s registered as the official DNS server for your ‘attack domain’.”

“Your ‘attack domain’ can then send back a booby-trapped reply to take control of the victim’s router remotely, and thereby potentially to compromise his entire network,” the expert said.

Apple patched the vulnerability with the release of firmware versions 7.6.7 and 7.7.7 for AirPort Express, Extreme, and Time Capsule base stations with 802.11n, and AirPort Extreme and Time Capsule devices with 802.11ac. The firmware updates can be installed using the AirPort Utility for OS X or iOS.

Related Reading: Netgear Routers Plagued by Serious Vulnerabilities

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Mobile & Wireless

South Dakota Gov. Kristi Noem says her personal cell phone was hacked and linked it to the release of documents by the January 6...

Cybercrime

A digital ad fraud scheme dubbed "VastFlux" spoofed over 1,700 apps and peaked at 12 billion ad requests per day before being shut down.

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Application Security

Software maker Adobe on Tuesday released security patches for 29 documented vulnerabilities across multiple enterprise-facing products and warned that hackers could exploit these bugs...