Home / mailings APPLE-SA-2010-03-31-1 AirPort Base Station Update 2010-001
Posted on 31 March 2010
Apple Security-announce-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2010-03-31-1 AirPort Base Station Update 2010-001
AirPort Base Station Update 2010-001 is now available and
addresses the following:
AirPort Utility
CVE-ID: CVE-2009-2822
Available for: Mac OS X v10.5.7 or later, Windows 7, Vista, XP
Impact: An unauthorized user may be able to connect to a restricted
network that uses a network extender
Description: An AirPort administrator may restrict access to a
network by specifying a MAC address ACL. There is an issue where MAC
address ACLs are not properly propagated to network extenders. This
can allow an unauthorized user to access a network that should be
restricted via the MAC address ACL. This update addresses the issue
through improved distribution of settings to network extenders.
Credit to Guido Lamberty for reporting this issue.
AirPort Base Station Update 2010-001 may be obtained from the
Software Update pane in System Preferences, or Apple's Software
Downloads web site: http://www.apple.com/support/downloads/
The manual download is named AirPort Utility 5.5.1.
AirPort Utility for Mac OS X
The download file is named: AirPortUtility551.dmg
Its SHA-1 digest is: 542636fb7d538795cf18db6aa4453c4bcb570c19
AirPort Utility for Windows 7, Vista or XP
The download file is named: AirPortSetup.exe
Its SHA-1 digest is: a18af3cd329ab3adb31c794ede1a408b4f861968
To check that AirPort Utility has been updated:
* Launch AirPort Utility
* Select "About AirPort Utility" in the "AirPort Utility" menu. The
version after applying this update will be "5.5.1" or later.
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
