Security & Privacy

Apple has released an update to Time Capsule and AirPort Base Station (802.11n) Firmware, fixing one security issue:

Impact: An attacker in a privileged network position may be able to cause arbitrary command execution via malicious DHCP responses
Description: dhclient allowed remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message. This issue is addressed by stripping shell meta-characters in dhclient-script.

This is an obscure issue, but you should update the firmware anyway, as it probably also contains other bug fixes. Apple recommends that you download AirPort Utility 5.5.3 before applying the firmware update. If you don’t already have that program, you can download it here.

To apply the Time Capsule and AirPort Base Station Firmware update, launch AirPort Utility, and select your AirPort device. You’ll see something like this telling you that a new version of the firmware is available:

Click on Update Firmware to download and apply the update. You’ll have to restart your AirPort Base Station or Time Capsule, losing network access for a couple of minutes.