14 DAY TRIAL // Apple has just released an AirPort Extreme Base Station with 802.11n Firmware 7.1 update. The update covers two security issues including incoming IPv6 connections and the visibility of filenames on password protected AirPort Disks.
The first issue covered by this update is the default setting of the AirPort Extreme Base Station with 802.11n, which allowed incoming IPv6 connections. This had the potential to expose network services on connected hosts to remote attackers. This update addresses the issue by changing the default setting to limit inbound IPv6 traffic to the local network. This behavior can be changed at any time through the AirPort Utility. The update only modifies the default setting.
The second issue covered is that filenames on a password-protected AirPort Disk may be viewable to users on the local network. AirPort Disk is a feature of AirPort Extreme Base Station with 802.11n that allows the sharing of files from an USB hard drive connected to a compatible base station. Previously, users on the local network were able to view filenames on the password protected disks, without actually providing a password. While the files were visible, they could not however be accessed without providing the password. The update addresses the issue by performing additional validation on AirPort Disk access requests.
This issue only affected AirPort Extreme Base Station with 802.11n, and not other versions of the Base Station.
Besides the update itself, those who do not already have version 5.1 of the AirPort Utility will have to download it as it is required. The software is available for both Macs and PCs running Windows, from the Apple site by installing AirPort Base Station Update 2007-001. It is recommended that AirPort Base Station Update 2007-001 be installed before installing Firmware version 7.1.