Apple says it has already patched the “KRACK” security vulnerabilities in the WPA2 Wi-Fi standard in beta versions of its iOS, macOS, tvOS and watchOS operating systems.
iMore’s Rene Ritchie says Apple told him the exploits have been addressed in the current betas now available to developers, which will roll out to consumers in the near future.
Deeper dive to follow.
— Rene Ritchie (@reneritchie) October 16, 2017
Security researcher Mathy Vanhoef cracked WPA2, the encryption standard used to secure most modern Wi-Fi networks. This exploit would allow an attacker to read all information passing over a wireless network secured by WPA2.
As a proof of concept, Vanhoef’s team executed a key reinstallation attack against an Android smartphone. In the demonstration, the attacker was able to decrypt all data that the victim transmitted.
The attacks only decrypt data encrypted by the Wi-Fi connection; they can’t touch data that a secure website encrypts using the HTTPS protocol. However, improperly configured sites can be exploited to drop the HTTPS connection, so HTTPS isn’t completely secure either.
While we’re waiting for the iOS, macOS, tvOS, and watchOS updates to be released to the public, users are advised to avoid public Wi-Fi hotspots, use Ethernet on their Ethernet-equipped Apple devices, and use a VPN when possible.