Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

Apple Patches RCE Flaw in AirPort Routers

Apple has released firmware updates for its AirPort routers to address a remote code execution (RCE) vulnerability.

Apple has released firmware updates for its AirPort routers to address a remote code execution (RCE) vulnerability.

The flaw, tracked as CVE-2015-7029, appears to have been reported to the company last year by Alexandre Helie. In its advisory, Apple only revealed that the issue is a memory corruption related to DNS data parsing that allows a remote attacker to execute arbitrary code.

Paul Ducklin, senior security advisor at Sophos, believes there are two methods that can be used to exploit these types of vulnerabilities in order to take control of an AirPort router.

“The first way is by feeding malformed DNS requests to an AirPort that is set up to reply to queries from the internet. The second is by feeding malformed replies to an AirPort that makes outbound DNS requests on behalf of the devices on its internal network,” Ducklin explained. “The latter is obviously a much more serious flaw, and we think it’s probably the sort of bug that Apple is talking about here.”Apple Airport vulnerability patched

According to the expert, these types of vulnerabilities are not difficult to exploit. An attacker needs to register a domain, set up a malicious DNS server to answer queries about that domain, and send the targeted user a link to a webpage containing content apparently hosted on the attack domain.

“All that matters is that some device on the target network should decide to ask an unpatched AirPort router, ‘Where do I find example.org?’,” Ducklin explained. “The router will then pass this question on to the global DNS network, which will answer by referring the router to your own, booby-trapped DNS server, assuming that’s registered as the official DNS server for your ‘attack domain’.”

“Your ‘attack domain’ can then send back a booby-trapped reply to take control of the victim’s router remotely, and thereby potentially to compromise his entire network,” the expert said.

Apple patched the vulnerability with the release of firmware versions 7.6.7 and 7.7.7 for AirPort Express, Extreme, and Time Capsule base stations with 802.11n, and AirPort Extreme and Time Capsule devices with 802.11ac. The firmware updates can be installed using the AirPort Utility for OS X or iOS.

Related Reading: Netgear Routers Plagued by Serious Vulnerabilities

Advertisement. Scroll to continue reading.
Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Defense contractor Nightwing has appointed Tricia Fitzmaurice as Chief Growth Officer.

Xage Security has appointed Russell McGuire as CRO and Ashraf Daqqa as VP of the META region.

Solana co-founder Stephen Akridge has been appointed the CEO of data protection firm Cyber Grant.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.