Roy Zipstein | Apple
Apple has issued a security update which patches a critical Apple AirPort router flaw that could lead to remote code execution attacks.
The update fixes a vulnerability which was recognized nine months ago. Little information is on offer about the flaw, tracked as CVE-2015-7029, aside from the fact that it is a DNS parsing bug.
According to an Apple security advisory, a memory corruption issue existed in how Apple AirPort routers parsed DNS data, and the issue could potentially lead to cyberattackers remotely executing code.
The issue has been addressed through improved bounds checking in router firmware updates 7.6.7 and 7.7.7, released for AirPort Express, AirPort Extreme and AirPort Time Capsule base stations with 802.11n, as well as AirPort Extreme and AirPort Time Capsule base stations with 802.11ac. The updates are applied using AirPort Utility for Mac or iOS.
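The kind of bounds checking the advisory refers to, shown as an added example in C that is not Apple's firmware code and is not taken from the advisory: the details of CVE-2015-7029 are not public, so this illustrates the general checks a DNS name decoder needs when it handles untrusted messages. The function name, the jump limit and the sample bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define DNS_MAX_NAME 255  /* RFC 1035 limit on an encoded name */
#define DNS_MAX_JUMPS 16  /* assumed cap on compression pointers followed */

/* Constructed samples: a name ending in a compression pointer, and a label
 * whose length byte (0x3F) claims more data than the message holds. */
static const uint8_t sample_ok[] = {7,'e','x','a','m','p','l','e',0,
                                    3,'w','w','w',0xC0,0x00};
static const uint8_t sample_bad[] = {0x3F,'a','b',0};

/* Decode the name at msg[off] into out as dotted text. Returns the offset
 * just past the name, or -1 if the message is malformed or out too small. */
long dns_read_name(const uint8_t *msg, size_t msg_len, size_t off,
                   char *out, size_t out_len)
{
    size_t pos = off, used = 0, total = 0;
    long end = -1;                 /* resume offset, set at first pointer */
    int jumps = 0;
    if (out_len == 0) return -1;
    for (;;) {
        if (pos >= msg_len) return -1;            /* length byte in bounds */
        uint8_t len = msg[pos];
        if ((len & 0xC0) == 0xC0) {               /* compression pointer */
            if (pos + 1 >= msg_len) return -1;    /* its second byte too */
            size_t target = ((size_t)(len & 0x3F) << 8) | msg[pos + 1];
            /* must point at earlier data; the jump cap bounds repeats */
            if (target >= pos || ++jumps > DNS_MAX_JUMPS) return -1;
            if (end < 0) end = (long)(pos + 2);
            pos = target;
            continue;
        }
        if (len & 0xC0) return -1;                /* reserved label types */
        if (len == 0) {                           /* root label: finished */
            out[used] = '\0';
            return end >= 0 ? end : (long)(pos + 1);
        }
        if (len > msg_len - pos - 1) return -1;   /* label inside message */
        total += (size_t)len + 1;
        if (total > DNS_MAX_NAME - 1) return -1;  /* encoded name too long */
        /* room for an optional dot, the label and the terminating NUL */
        if (used + (used ? 1 : 0) + len + 1 > out_len) return -1;
        if (used) out[used++] = '.';
        memcpy(out + used, msg + pos + 1, len);
        used += len;
        pos += (size_t)len + 1;
    }
}
```

Every read from the message and every write to the output buffer is preceded by a length comparison, so a malformed message is rejected with -1 instead of being copied.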
The iPad and iPhone maker has referenced only a single remote code execution hole and given no other details. Researchers from Naked Security say that a DNS handling bug of this type could be used to hijack a vulnerable AirPort router in one of two ways: by feeding malformed replies to an AirPort that makes outbound DNS requests on behalf of internal network devices, or by feeding malformed DNS requests to an AirPort router which has been configured to reply to queries from the web.
Out of the two options, Naked Security believes that Apple is most likely talking about an outbound DNS request issue, which is a “much more serious flaw” than the alternative.
“After all, you almost never want your home router to answer DNS queries from the outside, so you almost never configure your router to do so,” the researchers note. “But you almost always want your router to perform requests to the outside as part of the service it provides to your internal network, so most routers are set up to work this way.”
The vulnerability could then be exploited by registering a domain name with a DNS server set up to trap the victim and sending the target content that includes a reference to the domain. Once the query has gone through, the attack domain can send back a reply which hijacks the router, and potentially compromises the full network.
Apple AirPort owners should update their firmware as soon as possible.