APPLE-SA-2010-03-31-1 AirPort Base Station Update 2010-001

"AirPort Utility
CVE-ID: CVE-2009-2822
Available for: Mac OS X v10.5.7 or later, Windows 7, Vista, XP
Impact: An unauthorized user may be able to connect to a restricted
network that uses a network extender
Description: An AirPort administrator may restrict access to a
network by specifying a MAC address ACL. There is an issue where MAC
address ACLs are not properly propagated to network extenders. This
can allow an unauthorized user to access a network that should be
restricted via the MAC address ACL. This update addresses the issue
through improved distribution of settings to network extenders.
Credit to Guido Lamberty for reporting this issue."

It is recommended that any AirPort network extender devices have Update
2010-001 applied. Here are the instructions for download and installation:

"AirPort Base Station Update 2010-001 may be obtained from the
Software Update pane in System Preferences, or Apple's Software
Downloads web site:
The manual download is named AirPort Utility 5.5.1.

AirPort Utility for Mac OS X
The download file is named: AirPortUtility551.dmg
Its SHA-1 digest is: 542636fb7d538795cf18db6aa4453c4bcb570c19

AirPort Utility for Windows 7, Vista or XP
The download file is named: AirPortSetup.exe
Its SHA-1 digest is: a18af3cd329ab3adb31c794ede1a408b4f861968

To check that AirPort Utility has been updated:

* Launch AirPort Utility
* Select "About AirPort Utility" in the "AirPort Utility" menu. The
version after applying this update will be "5.5.1" or later."