Apple’s Time Capsule and AirPort Update Has a Security Side

Apple today released new updates for users of AirPort base stations and Time Capsules, addressing not only minor bugs, but also more serious security issues, all of which are detailed neatly in a support document over at Apple.com.

Titled “About the security content of Time Capsule and AirPort Base Station (802.11n) Firmware 7.5.2”, technote HT4298 reveals that Apple is addressing a total of five vulnerabilities, most of which can lead to different denial of service conditions, either of a single service or the entire device.

For example, one vulnerability renders an attacker able to query services behind an AirPort Base Station or Time Capsule's NAT from the source IP of the router, if any system behind the NAT has a portmapped FTP server.

Affecting Apple’s AirPort Extreme Base Station with 802.11n, AirPort Express Base Station with 802.11n, and Time Capsule, the vulnerability is described as follows:

"Description: The AirPort Extreme Base Station and Time Capsule's Application-Level Gateway (ALG) rewrites incoming FTP traffic, including PORT commands, to appear as if it is the source.

An attacker with write access to an FTP server inside the NAT may issue a malicious PORT command, causing the ALG to send attacker-supplied data to an IP and port behind the NAT.

As the data is resent from the Base Station, it could potentially bypass any IP-based restrictions for the service. This issue is addressed by not rewriting inbound PORT commands via the ALG."

Apple credits Sabahattin Gucukoglu for reporting this issue.

The Mac and Windows updates Apple released for AirPort Utility users today contain bug fixes and improvements.

AirPort Base Station and Time Capsule Firmware Update 7.5.2 brings a similar bag of fixes, some of which include general fixes to Wi-Fi base station stability, fixes for some issues with AirPlay streaming, general fixes with USB interoperability including connection to external storage devices, and fixes for issues with NAT port mapping settings.