Apple has just rolled out a critical security fix (patch) for its 2013 AirPort Extreme and Time Capsule models in conjunction with bug-fix and security updates for iOS and Mac OS X devices.
According to the changelog posted by Apple on its support site, the 7.7.3 update fixes a critical Heartbleed SSL/TLS security bug that is known to compromise user login credentials via a man-in-the-middle attack.
Here is what the release notes for 7.7.3 update states:
Firmware update 7.7.3 is recommended for all AirPort Extreme and AirPort Time Capsule base stations with 802.11ac. It provides security improvements related to SSL/TLS. Other AirPort base stations do not require this firmware update.
The firmware update provides a fix for the recent OpenSSL vulnerability for the latest generation of 802.11ac enabled AirPort Extreme and AirPort Time Capsule base stations (June 2013). This vulnerability only impacts recent Airport devices that have the Back to My Mac feature enabled. Customers with previous generation AirPort Extreme and AirPort Time Capsules do not need to update their base stations.
Users of AirPort 2013 models with Back to My Mac feature enabled are advised to patch the Heartbleed vulnerability (as soon as possible) on their devices by installing the latest firmware update 7.7.3.
How to Install Firmware Update 7.7.3 on 2013 AirPort Routers
- Firmware Update 7.7.3 can be installed on AirPort Extreme or AirPort Time Capsule base stations with 802.11ac using AirPort Utility for Mac or iOS
- Download AirPort utility for Mac from here (it is a free download) and AirPort Utility for iOS is a free download via App Store.
Note: Use AirPort Utility 6.3.1 or later on OS X, or AirPort Utility 1.3.1 or later on iOS to upgrade to Firmware version 7.7.3.
Owners of older AirPort devices and those using newer models without enabling the Back to My Mac feature need not install this update as those configurations are unaffected by the Heartbleed bug.