Apple has patched iOS, macOS and other products to protect against the KRACK vulnerability recently disclosed in the WPA2 Wi-Fi security protocol.
KRACK, short for key re-installation attack, allows an attacker within range of a victim’s Wi-Fi network to read encrypted traffic with varying degrees of difficulty.
Many vendors had patched KRACK in their respective products prior to the Oct. 16 public disclosure. Researcher Mathy Vanhoef of Belgium found and privately disclosed to numerous organizations starting in July and helped coordinate disclosure.
Apple was among the holdouts to repair its offerings until today; the update is part of iOS 11.1and includes patches for 13 bugs in Webkit, and other fixes in the kernel, iMessages, and elsewhere. Apple also patched KRACK in macOS High Sierra, Sierra and El Capitan, all of which were updated today, as well as in tvOS and watchOS
Given that KRACK is a protocol-level bug, it had many experts on edge in its early days. Since then, some of the anxiety has eased given the varying degrees of ease of exploit and conditions that must be in place for an attack to be successful.
Read more…
Source: ThreatPost