Apple released an update to fix a flaw connected to the OpenSSL bug known as Heartbleed. No risk for passwords, but an attacker could acquire information about the login of a computer or a router.
Heartbleed did not affect the core services of Apple, but the same can’t be said of Airport Extreme and Time Capsule. The condition is necessary because Apple does not say anything specific about it, but the update released by Apple for the two access points has to do the problems caused by the bug that made many sites that used OpenSSL vulnerable.
Although the description of the update generally refers to “SSL/TLS” improvements and does not mention Hearbleed directly, a statement issued to MacWorld clearly points in that direction. “The firmware update provides a solution to the recent OpenSSL vulnerability in the latest generation of Airport Extreme and Airport Time Capsules, enabled at 802.11ac,” Apple adds that the bug only affects the Airport devices that activated Back to My Mac and does not affect those with older versions of Apple AirPort Extreme Setup and Airport Time Capsules.
From a further study published by MacWorld, we know that the vulnerability does not allow passwords to be read, as opposed to Heartbleed vulnerable servers, but could allow an intruder to exploit the man in the middle mode to access the screen login of a router or a computer,
The update should be available through the Airport and Time Capsule management application, which cyclically checks for updates. Opening the Airport utility the search for the update should take place automatically.
After updating the firmware, you may need to re-enable Back to My Mac on your AirPort stations. To do so, from the status bar of OS X just click Go > Utility > AirPort Utility, select your station from the list, click Modify (if required, enter the system password) and reactivate the function mentioned above authenticating with your Apple ID. A green illuminated status indicator will confirm the operation, which must be applied by clicking on the Update button to save the changes made.
On any Mac that uses the function instead, you will need to go to System Preferences > iCloud and, in the latter’s preferences, deselect Back to My Mac and reselect it again. If you have performed all the steps to get the update released by Apple, yet aren’t able to receive the update, then there must be some other kind of problem that you are dealing with. What you need to do is, you need to get in touch with Apple AirPort Extreme tech support facility to receive the update in order to safeguard your device from the vulnerabilities that lurk around the web.