Yesterday, Apple released new firmware versions for its AirPort router models, which fixed a remote code execution (RCE) flaw tracked as CVE-2015-7029 and reported to the company last year by security researcher Alexandre Helie.
that “a remote attacker may be able to cause arbitrary code execution” and take over the device, based on the complexity of their attack code.
CVE-2015-7029 is a memory corruption issue, which Apple says exists in the way the router parses DNS requests. Apple didn’t mention if the problem is affecting inbound or outbound DNS traffic.
Regardless, both exploitation scenarios are trivial since DNS requests are involved in almost every Internet connection set up today.
The attack surface is huge, and an attacker would not have to wait long for a successful compromise.
Sophos security researcher Paul Ducklinhe believes the problem manifests when “feeding malformed replies to an AirPort that makes outbound DNS requests on behalf of the devices on its internal network,” because “most routers are set up to work this way.” If true, compromising an AirPort device would be a trivial affair.
Apple said it fixed the memory corruption issue by adding better memory bounds checking to prevent code from executing in the wrong parts of the router’s memory. CVE-2015-7029 was fixed in the AirPort base station firmware version 7.7.7. The firmware is available for download via.