Monday, October 14, 2019
  • Stopping Sophisticated Social Engineering Scams – Looking Beyond the Basic Signs
  • Multi-Factor Authentication Pros & Cons
  • DOH: DNS Over HTTPS
  • Top 10 Website Hardening Tips
  • Derbycon 2019, Lee Holmes’ ‘PowerShell Security Looking Back From The Inside’

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
  • Library

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Data Security SBN News Security Bloggers Network Vulnerabilities 

Home » Cybersecurity » Data Security » Apple Releases Firmware Security Updates for AirPort Base Stations

Apple Releases Firmware Security Updates for AirPort Base Stations

by David Bisson on May 31, 2019

Apple recently released a series of updates that address several firmware security issues affecting its AirPort base stations.

Released on 30 May, the changes fix eight vulnerabilities that apply to the AirPort Extreme and AirPort Time Capsule base stations with 802.11ac.

Almost half of these bugs concerned denial-of-service (DoS) attacks. Apple fixed one of these security weaknesses, CVE-2019-8588, by using improved input validation to address a null pointer dereference. The tech giant leveraged a similar approach to resolve CVE-2018-6918, a bug which enabled a remote attacker to cause a DoS condition.

The third of these flaws, CVE-2019-7291, allowed a privileged user to perform a denial-of-service attack. Apple addressed this issue by instituting improved memory handling.

The remaining vulnerabilities covered a host of security problems. Two of the weaknesses, CVE-2019-8578 and CVE-2019-8572, made it possible for a remote attacker to produce arbitrary code execution. The iPhone maker fixed the first of these by applying improved memory manage to a use-after-free issue. For the second bug, it leveraged improved input validation to remove a null pointer dereference.

Provided below are descriptions of the remaining security issues and of Apple’s fixes for them:

  • CVE-2019-8581: This bug allowed a remote attacker to leak memory. Apple closed the security hole by addressing an out-of-bounds read with improved input validation.
  • CVE-2019-8575: The vulnerability revealed that a base station factory reset might not delete all user information. The tech giant fixed this bug with improved data deletion.
  • CVE-2019-8580: This gap demonstrated that source-routed IPv4 packets could be unexpectedly accepted. Disabling source-routed IPv4 packets by default solved this weakness.

These security issues highlight the need for organizations to stay on top of all known vulnerabilities that might affect their IT software and hardware. Towards that end, they should consider creating a vulnerability management (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/apple-releases-firmware-security-updates-for-airport-base-stations/

May 31, 2019May 31, 2019 David Bisson airport, Apple, IT Security and Data Protection, Latest Security News, Vulnerabilities
  • ← Fuzzing Unit Tests with DeepState and Eclipser
  • Checkers restaurant chain warns customers that hackers have their credit cards →

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

Establishing and Growing Your Security Framework
A Closer Look at the Emotet Banking Trojan
Automation: Moving from Detection to Enforcement
DevOps Chat: Interactive App Testing, With Synopsys
iTunes for Windows Zero-Day Exploited for Ransomware
New Reductor Nation-State Malware Compromises TLS
20 DevSecOps Pros Reveal the Most Important Considerations in Building a DevSecOps Pipeline
Understanding DDoS attacks: a guide for WordPress administrators
What steps can companies take to adopt a Zero Trust approach to security?
The Open Source Cookbook: Prepping Your Kitchen

Upcoming Webinars

Mon 21

Open Source Security – Weighing the Pros and Cons

October 21 @ 1:00 pm - 2:00 pm
Wed 23

6 Essential Steps to Avoid Container Security Vulnerabilities

October 23 @ 11:00 am - 12:00 pm
Nov 14

Top Cybersecurity Threats and How SIEM Protects Against Them

November 14 @ 11:00 am - 12:00 pm
Nov 18

Scaling DevSecOps

November 18 @ 1:00 pm - 2:00 pm
Nov 19

SAP Concur’s Cloud Journey

November 19 @ 1:00 pm - 2:00 pm
Dec 09

Cloud Security – Keeping Serverless Data Safe

December 9 @ 11:00 am - 12:00 pm

More Webinars

Download Free eBook

The State of DevSecOps

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

Keeping Digital Assets Safe: Security for DAM
Cybersecurity Industry Spotlight Network Security Security Boulevard (Original) 

Keeping Digital Assets Safe: Security for DAM

October 14, 2019 Gilad David Maayan | Yesterday 0
Establishing and Growing Your Security Framework
Cybersecurity Industry Spotlight Security Awareness Security Boulevard (Original) 

Establishing and Growing Your Security Framework

October 11, 2019 Simon Hall | 3 days ago 0
Automation: Moving from Detection to Enforcement
Analytics & Intelligence Cybersecurity Industry Spotlight Security Boulevard (Original) 

Automation: Moving from Detection to Enforcement

October 10, 2019 Laurence Pitt | 4 days ago 0

Top Stories

iTunes for Windows Zero-Day Exploited for Ransomware
Application Security Cybersecurity Data Security Featured Malware News Security Boulevard (Original) Spotlight Threats & Breaches Vulnerabilities 

iTunes for Windows Zero-Day Exploited for Ransomware

October 14, 2019 Richi Jennings | Yesterday 0
OASIS to Lead Cybersecurity Interoperability Initiative
Cybersecurity Featured News Security Awareness Security Boulevard (Original) Spotlight 

OASIS to Lead Cybersecurity Interoperability Initiative

October 8, 2019 Michael Vizard | Oct 08 0
Android Zero-Day Panic as Ancient Linux Flaw Forgotten
Cybersecurity Featured Incident Response Malware Mobile Security News Popular Post Security Boulevard (Original) Spotlight 

Android Zero-Day Panic as Ancient Linux Flaw Forgotten

October 7, 2019 Richi Jennings | Oct 07 0

Security Humor

via  Luke Kingma  and  Lou Patrick-Mackay  at  Futurism Cartoons

Luke Kingma’s & Lou Patrick-Mackay’s Futurism Comics, ‘Heat Tolerant’

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2019 MediaOps Inc. All rights reserved.
Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.