Apple has released a “Heartbleed” related update for its AirPort Extreme and AirPort Time Capsule devices. The update is 7.7.3 for AirPorts with 802.11ac. The update includes security improvements related to SSL/TLS.
From Apple’s Support Site:
AirPort Base Station Firmware Update 7.7.3
Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac
Impact: An attacker in a privileged network position may obtain memory contents
Description: An out-of-bounds read issue existed in the OpenSSL library when handling TLS heartbeat extension packets. An attacker in a privileged network position could obtain information from process memory. This issue was addressed through additional bounds checking. Only AirPort Extreme and AirPort Time Capsule base stations with 802.11ac are affected, and only if they have Back to My Mac or Send Diagnostics enabled. Other AirPort base stations are not impacted by this issue.
While Apple released a statement earlier this month saying that iOS, OS X, and its “key web services” were unaffected by the Heartbleed security flaw, that blanket statement apparently did not cover the AirPort devices.
The update is recommended for models of the AirPort Extreme and Time Capsule that support 802.11ac Wi-Fi, other AirPort base stations do not need the update.
The update can be applied from the AirPort Utility by clicking the icon that represents the AirPort or Time Capsule device, (you should see a red “bug” next to the icon alerting you of the update), and then clicking the “Update” button.