Apple has posted a security update to address instances of the Heartbleed security vulnerability in its AirPort router and file back-up gadgets. The company said that a firmware update for the AirPort Extreme and AirPort Time Capsule home network appliances would address the infamous CVE-2014-0160 OpenSSL security …

COMMENTS

House rules Send corrections

This topic is closed for new posts.

Thursday 24th April 2014 02:53 GMT Fazal Majid

That's because those devices are based on Linux, not Darwin

And thus probably using OpenSSL as its SSL/TLS stack (the main alternatives being GnuTLS, which has security issues of its own, or PolarSSL).

One of the little secrets Apple would rather keep to itself...

2 2
1. Thursday 24th April 2014 03:06 GMT Trevor_Pott
  
  Re: That's because those devices are based on Linux, not Darwin
  
  *shrug* getting component manufacturers to port drivers to another OS is a bitch. Even if you're Apple.
  
  1 0
2. Thursday 24th April 2014 08:09 GMT Dan 55
  
  Re: That's because those devices are based on Linux, not Darwin
  
  It seems like one-time commercial licences of €2750 for AirPort and €2750 for Time Capsule were too much for a multi-billion dollar company.
  
  You get the security you pay for.
  
  https://polarssl.org/how-to-get
  
  3 1
3. Thursday 24th April 2014 10:03 GMT Anonymous Coward
  
  Re: That's because those devices are based on Linux, not Darwin
  
  If true, it is because Linux works better !
  
  Not to mention the fact that they can just buy dirt cheap and put a stick fruit label on it.
  
  1 2
4. Thursday 24th April 2014 10:10 GMT Anonymous Coward
  
  Re: That's because those devices are based on Linux, not Darwin
  
  That's because those devices are based on Linux, not Darwin
  
  A number of the AirPort devices are based on NetBSD, not Linux.
  
  2 0
Thursday 24th April 2014 05:32 GMT Anonymous Coward

What about the other 100 vulnerabilities

What about the other 100 vulnerabilities that haven't been found yet.....

0 1
1. Thursday 24th April 2014 07:18 GMT Helena Handcart
  
  Re: What about the other 100 vulnerabilities
  
  How do you know there are 100 vulnerabilities that haven't been found? You must be an NSA whistleblower, hence being anon. Don't worry, we've arranged for your extraction by helicopter in 5 minutes, so you'd better run and... get to the chopper!
  
  5 0
Thursday 24th April 2014 08:07 GMT Anonymous Coward

Surpise!

I'm not going to make my hilarious "Why is it always microsoft" comment. It's been so long since there's been a vulnerability article about MS there doesn't seem to be any point....

Poor other OS users, no longer more secure than MS windows (yes, even 8) and certainly nowhere near as ubiquitous, how are you going to prove that you're the cleverest now?

6 7
1. Thursday 24th April 2014 12:11 GMT Captain Scarlet
  
  Re: Surpise!
  
  Erm these are devices with embedded OS's and I would class it as an application issue rather than an OS issue.
  
  1 0
Thursday 24th April 2014 13:35 GMT Field Marshal Von Krakenfart

But which line will the fanbois remember in the future?

'"Apple has posted a security update to address instances of the Heartbleed security vulnerability in its AirPort router line, despite having earlier said that its products were immune to the flaw."

Clever marketing or a genuine misthake?

1 0
1. Thursday 24th April 2014 16:38 GMT JCitizen
  
  Re: But which line will the fanbois remember in the future?
  
  misthake? HAHAHAHAHAHAAHA!
  
  0 0
Thursday 24th April 2014 13:48 GMT Sebby

Don't Forget To Re-Enable BTMM

If you use Back To My Mac (I do) then you'll find that your sessions have been invalidated on all your devices. So, make sure you have local access when you upgrade your firmware so you can re-authenticate to iCloud.

Still a bit silly of Apple to have forgotten AirPort. About the only genuinely competent product that I can unreservedly recommend to people …

And yes, powered by NetBSD. Rock solid too, unlike much of the generally available consumer crap running Linux (it's the higher-end business kit running Linux that's any good for anything). I use a Draytek router in combination with AirPort.

2 0
Thursday 24th April 2014 16:43 GMT JCitizen

OOoops!

Well my brother's a Mac head, and he is already realizing Apple is just like every other concoction out there - you will find vulns in about anything if you look hard enough. I'm sure he'll have to patch both his Airport Extreme and time machine as well.

Now I'm wondering if my company is being honest about their GPL firmware?!!

0 0