Apple fixes AirPort Extreme "feature"

 

Soon after Apple’s new 802.11n AirPort Extreme base station came out, we and others wrote about a very unwanted “feature” in the product. Apple has now fixed that “feature” (along with another minor one) through a security update to the base station’s firmware.


In a very un-Apple-like move, the base station, as first shipped, violated one of the prime directives of Internet security: “all unneeded services should be disabled by default.” In this case, the on-by-default feature was about as unneeded as you could imagine: the base station would, by default, automatically connect all the machines on your local (home) network to a public IPv6 Internet. Almost no one in the world would want to do this right now, since there are almost no services available under IPv6 and the security risks are pretty much unknown. So it was high risk, low reward.


Exactly what Apple was thinking by doing this we may never know. It couldn’t have just been a simple uncaught bug, since they had to go to a lot of work to add this cool “feature” (or at least this feature that someday could well be cool). Apple makes so few of these mistakes that those they do make really stand out. There were no known real-world exploitations of this problem and it was fixed fairly quickly, so it’s probably not worth worrying about too much. Still, if you are running the new base station, you should definitely look into the security update, even if you’ve already fixed the “feature” yourself.

Tuesday, April 10, 2007

 
 
