Apple + Security News

Port Forwarding Bug in the Latest Version of Apple’s Airport Utility

Posted on October 11th, 2012 by

A specific but potentially far-reaching bug has been found in the latest version of Airport Utility that can affect users who rely on specific port forwarding to manage remote access or security features on their networks. An email thread among several of MarketCircle's partners has concluded that this bug occurs only in the latest version of Airport Utility running on Mountain Lion, and can occur more easily in conjunction with Mountain Lion Server, as the Server utilities are often used to handle port forwarding. System admins may find it useful to still keep a machine running a copy of Lion and Airport Utility 5.6 on hand, as the bug does not occur with this software. The firmware of the Airport device appears to be irrelevant.

Matthew Bookspan at Blacktip IT Services notes:

"If you add a non-standard port forward and do not complete all four fields (Internal/External UDP/TCP) then the settings will not save. This is counter-intuitive, although it is something we have seen on multiple Airports."

This issue was discovered because many small businesses and consulting groups use Daylite (a MarketCircle product) as their main CRM tool to manage their clients and schedules. Daylite allows users to host their own instance of their database as a server and synchronize that data to multiple Macs and iOS devices, but in order to do this, specific ports must be enabled in the Airport device that handles routing from whatever machine hosts the database. This new bug in Mountain Lion essentially erases all those settings without any warning to the user, and the only way to fix it is to re-enter them manually.
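Because the forwards vanish without any warning, the loss is easiest to catch by checking a saved baseline from a host outside the network. The script below is an added example, not code from the original post, Apple or MarketCircle; the entry names, port numbers and WAN address are constructed placeholders. It also flags entries that leave any of the four port fields empty, the case Matthew Bookspan describes.

```python
import socket

FIELDS = ("ext_udp", "ext_tcp", "int_udp", "int_tcp")

# Constructed baseline of the forwards you expect on the router. Names and
# port numbers are placeholders; the article does not list Daylite's ports.
BASELINE = [
    {"name": "example-sync", "ext_udp": 6100, "ext_tcp": 6100,
     "int_udp": 6100, "int_tcp": 6100},
    {"name": "example-partial", "ext_udp": None, "ext_tcp": 6101,
     "int_udp": None, "int_tcp": 6101},
]


def incomplete_entries(baseline):
    """Names of entries with any of the four port fields left empty,
    the case the article reports as failing to save."""
    return [e["name"] for e in baseline if any(not e.get(f) for f in FIELDS)]


def tcp_reachable(host, port, timeout=3.0):
    """True if a TCP connection to host:port succeeds within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def missing_forwards(host, baseline, probe=tcp_reachable):
    """Names of entries whose external TCP port no longer answers.
    UDP is not probed: silence from a UDP port proves nothing either way."""
    return [e["name"] for e in baseline
            if e.get("ext_tcp") and not probe(host, e["ext_tcp"])]


if __name__ == "__main__":
    wan_address = "203.0.113.10"  # placeholder (documentation range)
    for name in incomplete_entries(BASELINE):
        print(f"WARNING {name}: fill in all four port fields before saving")
    for name in missing_forwards(wan_address, BASELINE):
        print(f"ALERT {name}: forward not reachable, check Airport Utility")
```

An unreachable port can also mean the service behind the forward is down, so treat an alert as a prompt to inspect the router configuration rather than proof that the mapping was erased.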

Steve Jacobson at ResourceSteam advises:

"If you are manually setting ports in Airport Utility, then be sure to UNCHECK the automatic port forwarding in the DLSAdmin's Network section."

Airport devices have a history of mis-handling port forwards, even when they are not done via Apple's Server Utilities. This is all very technical and seems like something that only applies to System Admins...so why should you care? Well, it's because of where Airport and Mountain Lion Server fit into Apple's overall strategy for the enterprise. Saving these port settings isn't some fringe case that an IT admin might only encounter once in a while. This is a core part of why Airport was created and these are the products that Apple is selling hard in education & small business, and a failure like this doesn't speak very well for Apple. It's unclear what the extent of this bug is, which leaves Airport Utility in an untrustworthy position. If the bug could be exploited to force the Utility to open all ports, that could pose a serious security issue for corporate networks.

Apple's market share is accelerating at a meteoric rate, but if these basic problems persist, they are going to meet with strong resistance from IT teams around the world who rely on these things to work every time without fail. Airport Utility and Mountain Lion Server have both undergone recent overhauls with massive facelifts, but at the cost of some major features and the introduction of more than a few nasty bugs. When Apple overhauled iMovie in iLife '08 and then later released Final Cut Pro X, both applications were met with loud outcries from the established base of users, but in time, Apple has managed to update or fix those applications to make everyone happy again. In the case of iMovie, that process took years, and these enterprise tools simply cannot afford to take that long to fix.

Alongside Apple's latest Maps release, which some have found unsatisfactory, it appears that with increased offerings, Apple is having a harder time covering all their bases in quality control. Let's hope they can prioritize these issues and start filling some of the gaps they've created before they release the next new shiny thing.
