Apple Releases Firmware Security Updates for AirPort Base Stations

by David Bisson on May 31, 2019

Apple recently released a series of updates that address several firmware security issues affecting its AirPort base stations.

Released on 30 May, the changes fix eight vulnerabilities that apply to the AirPort Extreme and AirPort Time Capsule base stations with 802.11ac.

Almost half of these bugs concerned denial-of-service (DoS) attacks. Apple fixed one of these security weaknesses, CVE-2019-8588, by using improved input validation to address a null pointer dereference. The tech giant leveraged a similar approach to resolve CVE-2018-6918, a bug which enabled a remote attacker to cause a DoS condition.

The third of these flaws, CVE-2019-7291, allowed a privileged user to perform a denial-of-service attack. Apple addressed this issue by instituting improved memory handling.

The remaining vulnerabilities covered a host of security problems. Two of the weaknesses, CVE-2019-8578 and CVE-2019-8572, made it possible for a remote attacker to achieve arbitrary code execution. The iPhone maker fixed the first of these by applying improved memory management to a use-after-free issue. For the second bug, it leveraged improved input validation to remove a null pointer dereference.

Provided below are descriptions of the remaining security issues and of Apple’s fixes for them:

  • CVE-2019-8581: This bug allowed a remote attacker to leak memory. Apple closed the security hole by addressing an out-of-bounds read with improved input validation.
  • CVE-2019-8575: The vulnerability revealed that a base station factory reset might not delete all user information. The tech giant fixed this bug with improved data deletion.
  • CVE-2019-8580: This gap demonstrated that source-routed IPv4 packets could be unexpectedly accepted. Disabling source-routed IPv4 packets by default solved this weakness.
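
An added example, not Apple's code: one way a packet filter can enforce the "no source-routed IPv4 by default" behaviour described for CVE-2019-8580, by walking the IPv4 options and dropping any header that carries a loose or strict source route option. The function name, verdict enum and sample headers are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* IPv4 option type values from RFC 791. */
#define IPOPT_EOL  0    /* end of option list */
#define IPOPT_NOP  1    /* one-byte padding */
#define IPOPT_LSRR 131  /* loose source and record route */
#define IPOPT_SSRR 137  /* strict source and record route */

enum sr_verdict { SR_ACCEPT = 0, SR_DROP_SOURCE_ROUTED = 1, SR_DROP_MALFORMED = 2 };

/* Hypothetical filter hook: verdict for one IPv4 header under a "no source routing" default. */
enum sr_verdict check_source_route(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len < 20 || (buf[0] >> 4) != 4)
        return SR_DROP_MALFORMED;
    size_t hdr_len = (size_t)(buf[0] & 0x0F) * 4;    /* IHL counts 32-bit words */
    if (hdr_len < 20 || hdr_len > len)
        return SR_DROP_MALFORMED;

    size_t i = 20;                                   /* options follow the fixed header */
    while (i < hdr_len) {
        uint8_t type = buf[i];
        if (type == IPOPT_EOL)
            break;
        if (type == IPOPT_NOP) { i++; continue; }
        /* Every other option is type, length, data. Validate the length
         * before using it so a bad value cannot walk past the header. */
        if (i + 1 >= hdr_len)
            return SR_DROP_MALFORMED;
        uint8_t opt_len = buf[i + 1];
        if (opt_len < 2 || i + opt_len > hdr_len)
            return SR_DROP_MALFORMED;
        if (type == IPOPT_LSRR || type == IPOPT_SSRR)
            return SR_DROP_SOURCE_ROUTED;
        i += opt_len;
    }
    return SR_ACCEPT;
}

/* Constructed sample headers; checksums are zero and not validated here. */
const uint8_t PKT_PLAIN[20]  = {0x45,0,0,20, 0,0,0,0, 64,1,0,0, 192,0,2,1, 192,0,2,2};
const uint8_t PKT_LSRR[28]   = {0x47,0,0,28, 0,0,0,0, 64,1,0,0, 192,0,2,1, 192,0,2,2,
                                131,7,4, 198,51,100,1, 0};
const uint8_t PKT_BADLEN[24] = {0x46,0,0,24, 0,0,0,0, 64,1,0,0, 192,0,2,1, 192,0,2,2,
                                137,40,4,0};

int main(void) { return check_source_route(PKT_LSRR, sizeof PKT_LSRR) == SR_DROP_SOURCE_ROUTED ? 0 : 1; }
```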

These security issues highlight the need for organizations to stay on top of all known vulnerabilities that might affect their IT software and hardware. Towards that end, they should consider creating a vulnerability management (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/apple-releases-firmware-security-updates-for-airport-base-stations/
