How to Get Apple's Security Update for AirPort Routers
Apple yesterday (June 20) released an update for its AirPort routers that closes a nine-month-old flaw that allowed attackers to use the hubs against their owners. The AirPort Base Station firmware updates are numbered 7.6.7 and 7.7.7 for 802.11n and 802.11ac routers, respectively.
Apple didn't disclose much about the nature of this flaw, but a support document notes that it solves "a memory corruption issue [that] existed in DNS data parsing" that could let a remote attacker execute arbitrary code. That means a malcontent could trick the router into sending users to malicious websites.
In a notification announcing the firmware update, Apple said the flaw in question was discovered by Alexandre Helie, a 21-year old from the suburbs of Montreal. In January, Helie told Canadian news site TVA Nouvelles (in French) that he "wrote a report, I sent to Apple, and two hours later they called me in panic, saying 'Don't publish it.'"
Helie expected Apple to give him a bug bounty for finding the flaw, but he got a different kind of reward. Two months later, Apple flew him out to its Cupertino, California headquarters for interviews, then gave Helie a choice of two job offers. He will work for Apple for a year in Vancouver to qualify for a U.S. work visa, then move to Cupertino.
How to Update Your Apple AirPort Router
Firmware updates to Apple routers arrive in and are implemented by the AirPort Utility. Here's how to update an AirPort's firmware:
1. On a Mac, click Command + Space, type "Airport Utility" and select AirPort Utility. You can also find and open AirPort Utility by navigating to ~/Applications/Utilities/. On a Windows PC, type "AirPort Utility" into the Start menu search field and select the application.
2. Click on your AirPort router. If you don't see it here, make sure you're connected to the router.
3. Click Update. AirPort Utility will download the update and restart your router when it applies the update.
You've updated your AirPort firmware.