Time Capsule and AirPort Extreme firmware update fixes Heartbleed bug

WiFiIconXWhile Apple’s online services were unaffected by the recent Heartbleed OpenSSL vulnerability, its 2013-model AirPort and Time Capsule base stations were subject to the bug, and could allow for interception of sensitive data for encrypted connections to iCloud services such as Apple’s Back To My Mac feature.

To address this issue, along with security updates for OS X and iOS, Apple has issued a firmware update for the new 2013 Time Capsule and AirPort Extreme systems, which address the vulnerability:

The firmware update provides a fix for the recent OpenSSL vulnerability for the latest generation of 802.11ac enabled AirPort Extreme and AirPort Time Capsule base stations (June 2013). This vulnerability only impacts recent Airport devices that have the Back to My Mac feature enabled.

Apple notes the problem only affects its 2013 base stations, and not any of the prior generation systems.

To apply the update, you will need to use Apple’s AirPort Utility:

  1. Select your AirPort base stations and click “Edit.”
  2. Supply login credentials to the station.
  3. Click the Update button.

Apple notes that after updating the firmware for these stations, you may need to manually re-enable its Back To My Mac service both in the Base Station as well as on your Mac. This can be done by checking the service in the iCloud system preferences on affected Mac systems, and in the Base Station by using this procedure:

  1. Open AirPort Utility.
  2. Select your base station and click Edit to log in.
  3. Go to the Base Station tab and select the Back To My Mac account you wish to use, then click Edit.
  4. Enter your Apple ID and password.
  5. Click “Update” to save the new settings.