Apple has released a firmware update for two router models, the AirPort Extreme and AirPort Time Capsule. Both products were refreshed in 2013 with 802.11ac Wi-Fi capability. The older AirPort Express and other discontinued models do not require the patch.
In a very brief release note posted to its support database and initially reported by Macworld, Apple only states, "Firmware update 7.7.3 is recommended for all AirPort Extreme and AirPort Time Capsule base stations with 802.11ac. It provides security improvements related to SSL/TLS. Other AirPort base stations do not require this firmware update."
Apple had claimed earlier that none of its products or services are affected by the Heartbleed bug. It isn't known whether the company was aware of the potential fault in its Airport products at that time.
The Heartbleed bug allows malicious attackers to request small streams of unencrypted data from Web servers and other Internet-connected devices running a particular version of the OpenSSL security framework. The data could potentially include passwords, bank details, private messages, and even entire encryption keys. Up to three quarters of the world's major Web services have been affected, including Yahoo, Google, Dropbox, and Blackberry Messenger. In addition, a huge number of smartphones, infrastructure devices, and personal gadgets have also been found to be vulnerable.
Security workers have been racing to update their systems and release patches to fix the flaw. Users have been advised to change all their passwords, since it's possible that encrypted traffic was been compromised before the flaw came to be widely known.
It is also suspected that malicious hackers, including government agencies, had been exploiting the Heartbleed bug to spy freely on encrypted Internet traffic for up to two years before it came to light.