Apple has issued a security update to fix a nine-month-old DNS parsing vulnerability affecting its AirPort routers. Apple has released a firmware update 7.6.7 and 7.7.7 that runs on AirPort Express, AirPort Extreme and AirPort Time Capsule base stations with 802.11n; AirPort Extreme and AirPort Time Capsule base stations with 802.11ac.
According to the Apple advisory states the old firmware was affected by a memory corruption issue in DNS data parsing. The experts of the company fixed the security issue by improving bounds checking.
The exploitation of the flaw CVE-2015-7029 could allow a remote attacker to cause arbitrary code execution.
“Impact: A remote attacker may be able to cause arbitrary code execution Description: A memory corruption issue existed in DNS data parsing. This issue was addressed through improved bounds checking. CVE-2015-7029 : Alexandre Helie” states the Apple SA-2016-06-20-1 security advisory.
The experts noticed that the Apple SA-2016-06-20-1 security advisory just references a single remote code execution hole.
It is strange that Apple hasn’t provided further details about the security issue except for an acknowledgement to Alexandre Helie who discovered the bug.
It is likely that attackers can trigger the issue to capture DNS responses and manipulate them in order to redirect users to bogus websites.
“We can think of two ways that a DNS data-handling bug of this type might be exploited to take control of a vulnerable AirPort router.” wrote Paul Ducklin from Naked Security. “The first way is by feeding malformed DNS requests to an AirPort that is set up to reply to queries from the internet. The second is by feeding malformed replies to an AirPort that makes outbound DNS requests on behalf of the devices on its internal network. The latter is obviously a much more serious flaw, and we think it’s probably the sort of bug that Apple is talking about here.”
Over at Sophos’ Naked Security, Paul Ducklin speculates that since it’s described as remotely exploitable, the bug must make it easier to get an AirPort to accept fake DNS responses.
If you own an Apple AirPort patch it as soon as you can.
Security Affairs – (Apple AirPort, CVE-2015-7029 )
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.