Apple has recently released a firmware update for its AirPort Express routers to fix a vulnerability that could allow the device to be compromised.
According to the company, the flaw is a memory corruption issue in DNS data parsing that can lead to arbitrary code execution. Apple has rolled out firmware versions 7.6.7 and 7.7.7 for AirPort and AirPort Time Capsule base stations with 802.11n Wi-Fi and for AirPort Extreme base stations with 802.11ac Wi-Fi.
AirPort Utility 6.3.1 or later on OS X, or AirPort Utility 1.3.1 or later on iOS, can be used to install the latest firmware on AirPort devices, the company said in an advisory.
The issue is significant from a security standpoint, but the company has not disclosed details of possible exploitation scenarios and did not assign a severity rating to the flaw. However, arbitrary code execution reachable through a remote vector such as DNS is as serious as any other remote attack.
It is also not clear whether the parsing issue lies in the DNS server or in the DNS client functionality.
A router like the AirPort Express can act as the local DNS resolver for all devices on the network: DNS queries from the connected PCs pass through it upstream into the global DNS chain. At the same time, the AirPort Express also acts as a DNS client, asking other DNS servers on the internet to resolve hostnames.
If the bug is in the parsing of queries received from connected computers, the attack is limited to the local network. If, however, the bug is in the parsing of DNS responses, it could be exploited remotely.
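Whatever the actual defect in the AirPort firmware (Apple has not published it), memory corruption while parsing DNS data typically comes from trusting the length fields and compression pointers inside a message received from an arbitrary server. The following Python parser is added here as an illustration and is not Apple's code; it shows the bounds checks a hardened DNS response parser applies, and both sample messages are constructed.

```python
import struct
# Constructed sample (not from the advisory): example.com answer using a compression pointer (0xC00C -> offset 12).
SAMPLE_RESPONSE = bytes.fromhex(
    "1234" "8180" "0001" "0001" "0000" "0000"          # header: id, flags, qd=1, an=1
    "076578616d706c6503636f6d00" "0001" "0001"         # question: example.com A IN
    "c00c" "0001" "0001" "00000e10" "0004" "5db8d822"  # answer: ptr, A, IN, TTL, rdlen, rdata
)
# Constructed malformed message: the answer name's pointer (at offset 29) aims at itself.
LOOPING_RESPONSE = SAMPLE_RESPONSE[:29] + bytes.fromhex("c01d") + SAMPLE_RESPONSE[31:]
class MalformedDNS(ValueError): pass  # raised instead of reading out of bounds on an inconsistent message

def read_name(msg, offset):  # returns (name, offset just past the name's own bytes)
    labels, total, end, lowest = [], 0, None, offset
    while True:
        if offset >= len(msg):
            raise MalformedDNS("name runs past end of message")
        length = msg[offset]
        if (length & 0xC0) == 0xC0:                    # compression pointer
            if offset + 1 >= len(msg):
                raise MalformedDNS("truncated compression pointer")
            target = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if target >= lowest:                       # only strictly backward jumps: no loops
                raise MalformedDNS("compression pointer loop or forward reference")
            end = offset + 2 if end is None else end
            offset = lowest = target
            continue
        offset += 1
        if length == 0:
            return ".".join(labels), offset if end is None else end
        total += length + 1
        if length > 63 or offset + length > len(msg) or total > 255:
            raise MalformedDNS("bad label length or name longer than 255 octets")
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length

def parse_first_answer(msg):  # returns (qname, answer name, rdata) or raises MalformedDNS
    if len(msg) < 12:
        raise MalformedDNS("short header")
    qname, pos = read_name(msg, 12)
    aname, pos = read_name(msg, pos + 4)               # skip QTYPE, QCLASS
    rdlength = int.from_bytes(msg[pos + 8:pos + 10], "big")   # 0 if the RR header is cut short
    if pos + 10 + rdlength > len(msg):                 # the over-read a hardened parser refuses
        raise MalformedDNS("RDLENGTH exceeds message")
    return qname, aname, msg[pos + 10:pos + 10 + rdlength]
def rejects(msg):  # True when the parser refuses msg instead of trusting its length fields
    try:
        parse_first_answer(msg)
        return False
    except MalformedDNS:
        return True
```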
When the DNS client is asked to resolve a domain name, the query is first passed to one of the so-called root DNS servers. These refer the resolver to the authoritative DNS server for the queried domain, and it is that authoritative server that ultimately supplies the requested information.
Attackers can register a domain name and configure its DNS server to respond with crafted data that triggers the flaw. They then need a computer connected to the AirPort Express router to send a DNS query for one of their domain names, for example by getting a user to click on a link.
Once the flaw has been exploited, attackers can execute malicious code on the device. If that code runs under the root account, it leads to a full compromise of the device.
With control of the AirPort Express, attackers can launch various attacks against computers on the local network: they can intercept search queries, inject bogus ads into web pages, and redirect browsers to malicious websites when users try to visit legitimate ones.