Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Says 'KRACK' Wi-Fi Vulnerabilities Are Already Patched in iOS, macOS, watchOS, and tvOS Betas
- Thread starter MacRumors
- Start date
- Sort by reaction score
Wow, the way I read them it seems like I still have multiple vulnerable iDevices despite them receiving seemingly latest updates. This includes devices such as iPhone 6, iPad Air 2, Apple TV 4th gen, and the Apple Watch Series 0. Either they weren't vulnerable in the first place or Apple just hasn't patched them. The latter option would suck and pretty much negate the update advantage iOS has had.
Perhaps a third option:
(i) not vulnerable in the first place
(ii) Apple just hasn't patched them, or
(iii) Apple didn't implement WPA2 according to specification and might be vulnerable to a modified attack, but not the original one.
Just like with the Airport devices, we don't really know until we get an official statement from Apple.
Good point. An official statement from Apple regarding this would be nice, but I'm not actually holding my breath for one.
It looks like #3 is the likely answer, but that brings another question. Do older devices have correct implementation of WPA2 now?
According to Apple's support document:
So the first type of KRACK attack does not impact older devices. But what about the second one?
Thanks. They've updated the document since I first posted:
WiFi: Available for: iPhone 8, iPhone 8 Plus, and iPhone X
Not impacted: iPhone 7, iPhone 7 Plus, iPhone 6s, iPhone 6s Plus, iPhone 6, iPhone 6 Plus, iPhone SE, iPhone 5s, iPad Air and later, and iPod Touch 6th generation
CVE-2017-13077 and CVE-2017-13078
WiFi: Available for: iPhone 7 and later, and iPad Pro 9.7-inch (early 2016) and later
CVE-2017-13080
https://support.apple.com/kb/HT208222
So it seems reasonably clear for iOS that at least the known exploits are patched (or not vulnerable) for iPhone SE, iPhone 5s, iPhone 6 and later. Still no official statements on some other devices. My Airport Express is quite new and can still be found for sale in the Apple store. Some sort of official statement is needed here.
Last edited:
Seems like they basically added another related but separate entry for something additional that was addressed related to KRACK for iPhone 8 and X line of phones in particular, which doesn't impact older devices.
But the second Wi-Fi KRACK issue does not say whether older iPhones and iPads are not impacted, which suggests the issue is not resolved.
A firmware update for Time Capsules/Airports has just been released. This addresses the KRACK vulnerability. See my earlier tips for instaling the update.
It had been an entire year since the last firmware update, and some of the stuff fixed was from JUNE. I was really unclear on whether it was still supported, but then they're still selling it in the store, so...
Sadly, a six month lag on fixing something is GOOD by consumer router standards lol
I really like Apple's routers though and wish they'd keep fully supporting them/updating them, but at least for now the current models seem to be supported.
Sadly, a six month lag on fixing something is GOOD by consumer router standards lol
I really like Apple's routers though and wish they'd keep fully supporting them/updating them, but at least for now the current models seem to be supported.