lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 12 Dec 2017 13:36:46 -0800
From: Apple Product Security <product-security-noreply@...ts.apple.com>
To: security-announce@...ts.apple.com
Subject: [FD] APPLE-SA-2017-12-12-2 AirPort Base Station Firmware Update
	7.7.9

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

APPLE-SA-2017-12-12-2 AirPort Base Station Firmware Update 7.7.9

AirPort Base Station Firmware Update 7.7.9 is now available and
addresses the following:

AirPort Base Station Firmware
Available for: AirPort Extreme and AirPort Time Capsule base stations
with 802.11ac
Impact: An attacker within range may be able to execute arbitrary
code on the Wi-Fi chip
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-9417: Nitay Artenstein of Exodus Intelligence

AirPort Base Station Firmware
Available for: AirPort Extreme and AirPort Time Capsule base stations
with 802.11ac
Impact: An attacker in Wi-Fi range may force nonce reuse in WPA
unicast/PTK clients (Key Reinstallation Attacks - KRACK)
Description: A logic issue existed in the handling of state
transitions. This was addressed with improved state management.
CVE-2017-13077: Mathy Vanhoef of the imec-DistriNet group at KU
Leuven
CVE-2017-13078: Mathy Vanhoef of the imec-DistriNet group at KU
Leuven

AirPort Base Station Firmware
Available for: AirPort Extreme and AirPort Time Capsule base stations
with 802.11ac
Impact: An attacker in Wi-Fi range may force nonce reuse in WPA
multicast/GTK clients (Key Reinstallation Attacks - KRACK)
Description: A logic issue existed in the handling of state
transitions. This was addressed with improved state management.
CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU
Leuven

Installation note:

Firmware version 7.7.9 is installed on AirPort Extreme or
AirPort Time Capsule base stations with 802.11ac using
AirPort Utility for Mac or iOS.

AirPort Utility for Mac is a free download from
https://support.apple.com/downloads/ and AirPort Utility for iOS
is a free download from the App Store.
-----BEGIN PGP SIGNATURE-----

iQJdBAEBCgBHFiEEcuX4rtoRe4X62yWlg6PvjDRstEYFAlowGCIpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQg6PvjDRstEaeLxAA
kulHMKbWoRlguzlQWGhdS4hXLD02MvBz0Sc8NGCyp66N+THvc+uBnbfo283E+z01
eL7gqpMGgJ5cs7EVCCGtHMreg330d+9IiiSgbB2GZxddyc8pKymhYPstKtJazTWa
4NvnBCW2pzcmDieAyuhKRVxvqKRbTHsc0qfPPyKIB8KIh4L6KlcOWrdxbLK02qxi
5I7jEh5U41v3Z1ZXdmypqwM7M/Pur6IMmR4fHeA4fxH0BVq6uyiG88mOkfk3QHSJ
hHafQSQraPrmDbFvDB4hUZs/0rXPWcQ0FoQupMhcE2tgzc4/AL1BPYrkymEp9Y5J
bpKfOFCrRKSoqNs7vyq7BmWohwkXao427USAMNTwNsC8eANtVtYSVgINaw+vzt6d
xvNN6uul88v36Ta5EKHgAcV8uhcv83VH7NLzHJzdsHAychN+FsOVlXSgUNFM6S4a
n6/7HgZIGFPhSnkyywryax+9YrEkSaa9z1lFnhpMjwNLt1VGU6bUvpfLlNQS39L0
6YkY/qqlGdrI3OYBUae01oopK35rJi9S+kpTy/09eIb99s72aJHwrXr93UYJJlxg
pYFtiucmkQJCOa048OsK3MFBr65F5scDMdTQlePThnjc5XFVP5/H1zWEHtOvVMO2
6iDe0wzR8ykyW2/o4Jv0w4cgLCiEyjsjWh95F1uyDLo=
=ri7s
-----END PGP SIGNATURE-----


_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists