14 DAY TRIAL // Upon introducing updated versions of the AirPort (802.11n) base station and Time Capsule, Apple released a new firmware update for users of its wireless networking and backup solutions. The firmware enables remote administration and remote access to compatible USB connected drives via Back to My Mac (except on AirPort Express), and adds remote file access to older models. Additionally, the update includes a trio of security fixes, which Apple details as such.
About the security content of Time Capsule and AirPort Base Station (802.11n*) Firmware 7.4.1 [...]
CVE-ID: CVE-2008-2476
Available for: AirPort Extreme Base Station with 802.11n*, AirPort Express Base Station with 802.11n*, Time Capsule
Impact: A remote user may be able to cause a denial of service attack, observe private network traffic, or inject forged packets
Description: The IPv6 Neighbor Discovery Protocol implementation does not validate the origin of Neighbor Discovery messages. By sending a maliciously crafted message, a remote user may cause a denial of service, observe private network traffic, or inject forged packets. This update addresses the issue by performing additional validation of Neighbor Discovery messages.
CVE-ID: CVE-2008-0473
Available for: AirPort Extreme Base Station with 802.11n*, AirPort Express Base Station with 802.11n*, Time Capsule
Impact: A user on the local network may be able to cause an unexpected device shutdown
Description: An out-of-bounds memory access issue exists in the handling of PPPoE discovery packets. By sending a maliciously crafted PPPoE discovery packet, a remote user may be able to cause an unexpected device shutdown. This update addresses the issue through improved bounds checking.
CVE-ID: CVE-2008-3530
Available for: AirPort Extreme Base Station with 802.11n*, AirPort Express Base Station with 802.11n*, Time Capsule
Impact: A remote user may be able to cause an unexpected device shutdown Description: When IPv6 support is enabled, IPv6 nodes use ICMPv6 to report errors encountered while processing packets. An implementation issue in the handling of incoming ICMPv6 "Packet Too Big" messages may cause an unexpected device shutdown. This update addresses the issue through improved handling of ICMPv6 message
Within the same Support document, Apple also outlines the steps the user must follow to install firmware 7.4.1. Time Capsule or AirPort Base Station users can install the new firmware version via the AirPort Utility – a program that is provided with the device. Apple recently updated AirPort Utility to version 5.4.1. Users must have the latest version of the utility installed before proceeding with the installation of Time Capsule and AirPort Base Station (802.11n*) Firmware 7.4.1. AirPort Utility 5.4.1 is available for free download using the link below.