Site icon Liquidmatrix Security Digest

Apple Re-releases AirPort Extreme Update

The AirPort Extreme update 2007-001 has been re-released as 2007-002 “which contains an additional non-security fix for a compatibility issue when using certain third-party access points configured to use WEP”. Hmmm.

From Apple:

AirPort Extreme Update 2007-002

*

AirPort

CVE-ID: CVE-2006-6292

Available for: Mac OS X v10.4.8, Mac OS X Server v10.4.8

Impact: Attackers on the wireless network may cause system crashes

Description: An out-of-bounds memory read may occur while handling wireless frames. An attacker in local proximity may be able to trigger a system crash by sending a maliciously-crafted frame to an affected system. This issue affects the Core Duo version of Mac mini, MacBook, and MacBook Pro computers equipped with wireless. Other systems, including the Core 2 Duo versions are not affected. This update addresses the issue by performing additional validation of wireless frames. Credit to LMH for reporting this issue.

Note: The security fix described above (CVE-2006-6292) was originally released in AirPort Extreme Update 2007-001. The identical fix is also present in AirPort Extreme Update 2007-002, which contains an additional non-security fix for a compatibility issue when using certain third-party access points configured to use WEP. Systems which installed AirPort Extreme Update 2007-001 are correctly patched for CVE-2006-6292. Installing AirPort Extreme Update 2007-002 is recommended to obtain the additional compatibility fix. Affected systems that have not yet applied AirPort Extreme Update 2007-001 should apply AirPort Extreme Update 2007-002.

System restart will be necessary.

Article Link

[tags]2007-002, AirPort Extreme, CVE-2006-6292, WEP, Wireless[/tags]

Exit mobile version