Apple Patches KRACK Holes

Wednesday, November 1, 2017 @ 03:11 PM gHale


Apple released security patches, including fixes for KRACK vulnerabilities.

KRACK, which stands for Key Reinstallation Attack, is an attack technique that could allow an attacker within wireless range of a victim to access information assumed to be safely encrypted.

The attacker could then steal information such as credit card numbers, passwords, chat messages, emails, and photos.

The issues were found in the Wi-Fi standard itself, and all correct implementations of WPA2 were assumed to be affected.

Industrial networking devices are impacted too, including products from Cisco, Rockwell Automation and Sierra Wireless.

The KRACK-related vulnerability impacting iOS devices is tracked as CVE-2017-13080 and was addressed in iOS 11.1 for iPhone 7 and later, and iPad Pro 9.7-inch (early 2016) and later, Apple said in an advisory.

iOS 11.1 also resolves 19 other vulnerabilities impacting components such as CoreText, Kernel, Messages, Siri, StreamingZip, UIKit, and WebKit. These bugs could lead to arbitrary code execution, information disclosure, or modification of restricted areas of the file system.

WebKit was the most affected component, with 13 vulnerabilities addressed in it (10 of the issues were reported by Ivan Fratric of Google Project Zero). The bugs could lead to arbitrary code execution when processing maliciously crafted web content and were addressed through improved memory handling.

The same KRACK-related vulnerability was addressed in tvOS 11.1 and watchOS 4.1 as well. The former resolves 17 flaws in the platform, while the latter patches 4 issues.

macOS High Sierra 10.13.1 includes patches for three KRACK-related flaws: CVE-2017-13077, CVE-2017-13078, and CVE-2017-13080.


