Encourage Apple to resume firmware updates for Airport Express (security, environment)

Recent signers:

Carl Clancy•6 days ago

Adam Richardson•7 days ago

Daniel Poe•2 weeks ago

Michael Morris•3 weeks ago

Leonardo Chrudina•1 month ago

Trevor Pitruzzello•2 months ago

Phillip Cobden•2 months ago

Christopher Swenson•4 months ago

Daniel G•6 months ago

Tamas Belso•6 months ago

Jochen Winkler•7 months ago

Vien Nguyen•7 months ago

jonathan fontenot•8 months ago

Mattis Frommer•8 months ago

Kinheng Kong•8 months ago

James Reynolds•9 months ago

James Pettinato•9 months ago

Kim Black•9 months ago

Brandon Czel•9 months ago

Marshall Willis•9 months ago

The Issue

A Security Crisis Has Arrived for Apple Airport and Airport Express WiFi Devices

Recent vulnerabilities discovered in the AirPlay software stack (see WIRED reference article link below) will render Airport and Airport Express WiFi appliances, more or less, immediately obsolete, without a firmware update. Anyone using Airport or Airport Express devices will want to know about this issue.

Without a Firmware Update Airport Express Devices Become Dangerous

A hypothetical (but nearly assured) future exploit of the AirPlay vulnerabilities known to security researchers as "AirBorne" will lead to a bad day for users and bad publicity for Apple.

Apple Ended Firmware Update Support for Airport and Airport Express in June 2019

Although discontinued in 2018, Airport and Airport Express devices remain performant, robust, and durable. A great many remain in service.

They provide WiFi access points and related functionality including WiFi-accessible storage, and connecting printers to WiFi networks via their USB port.

Airport Express devices running AirPlay 2 remain popular for connecting stereos to WiFi networks via AirPlay.

Related Information

• It’s not publicly known (but presumably Apple has some data on this?) but it appears that that there were millions of Airport and Airport Express units sold.

• A great many of these units appear to remain in use. People still recommend finding used Airport Express devices on eBay as they are widely regarded as easier to configure and more robust than many currently available devices from other vendors.

• Support for these devices was discontinued with the last firmware update delivered in June 2019.

• The devices remain popular in the resale market on eBay, with used prices surprisingly robust (as recently as March 2025; news of the vulnerabilities might depress prices, now)

Other Considerations

Among Fortune 500 companies, Apple appears to be a global leader in environmental responsibility. Management and employees alike appear to support reducing the company’s carbon footprint. The company has made continuous improvements in responsible and sustainable packaging and materials use in manufacturing.

Extending firmware update support for the Airport and Airport Express devices would help keep these devices out of landfills, potentially for several more years.

The mechanism for delivering firmware updates to these devices including the Airport Utility and supporting cloud infrastructure, remains intact. (I know this because I recently updated a few older devices.)

Recommendations

I urge Apple to revisit the question of firmware updates for the Airport and Airport Express, and explore the possibility of issuing security patches for these devices.

Reference

Millions of Apple Airplay-Enabled Devices Can Be Hacked via Wi-Fi (WIRED)

"Researchers reveal a collection of bugs known as AirBorne that would allow any hacker on the same Wi-Fi network as a third-party AirPlay-enabled device to surreptitiously run their own code on it."

Apple Feedback ID: FB17421239

Gary LongsinePetition StarterInfoSec professional. NatSec curious. Founder illumineX, maker of scalable, robust software for enterprise, government, and nonprofit clients (1998 to present). Inventor with patents in large scale network security. @arbiteriapetus.bsky.social

Media inquiries

800