Security updates
https://support.apple.com/kb/HT201222

For macOS
WiFi: for macOS High Sierra 10.13, macOS Sierra 10.12.6, OS X El Capitan 10.11.6
Impact: an attacker in Wi-Fi range may force nonce reuse in WPA clients (Key Reinstallation Attacks - KRACK)
https://support.apple.com/kb/HT208221

For watchOS 4.1
WiFi: for Apple Watch Series 1 and Apple Watch Series 2
Impact: an attacker in Wi-Fi range may force nonce reuse in WPA clients (Key Reinstallation Attacks - KRACK)
https://support.apple.com/kb/HT208220

For tvOS 11.1
WiFi: for Apple TV 4K
Impact: an attacker in Wi-Fi range may force nonce reuse in WPA clients (Key Reinstallation Attacks - KRACK)
https://support.apple.com/kb/HT208219

For iOS 11.1
WiFi: for iPhone 7 and later, and iPad Pro 9.7-inch (early 2016) and later
Impact: an attacker in Wi-Fi range may force nonce reuse in WPA clients (Key Reinstallation Attacks - KRACK)
https://support.apple.com/kb/HT208222

Not sure if there is anything for iPhone 6 or earlier.
Wow, the way I read them it seems like I still have multiple vulnerable iDevices despite them receiving seemingly latest updates. This includes devices such as iPhone 6, iPad Air 2, Apple TV 4th gen, and the Apple Watch Series 0. Either they weren't vulnerable in the first place or Apple just hasn't patched them. The latter option would suck and pretty much negate the update advantage iOS has had.
 
Perhaps a third option:

(i) not vulnerable in the first place
(ii) Apple just hasn't patched them, or
(iii) Apple didn't implement WPA2 according to specification and might be vulnerable to a modified attack, but not the original one.

Just like with the Airport devices, we don't really know until we get an official statement from Apple.
 
Good point. An official statement from Apple regarding this would be nice, but I'm not actually holding my breath for one.
 
It looks like #3 is the likely answer, but that brings another question. Do older devices have a correct implementation of WPA2 now?

According to Apple's support document:
Wi-Fi

Available for: iPhone 8, iPhone 8 Plus, and iPhone X

Not impacted: iPhone 7, iPhone 7 Plus, iPhone 6s, iPhone 6s Plus, iPhone 6, iPhone 6 Plus, iPhone SE, iPhone 5s, iPad Air and later, and iPod Touch 6th generation

Impact: An attacker in Wi-Fi range may force nonce reuse in WPA unicast/PTK clients (Key Reinstallation Attacks - KRACK)

Description: A logic issue existed in the handling of state transitions. This was addressed with improved state management.

CVE-2017-13077: Mathy Vanhoef of the imec-DistriNet group at KU Leuven

CVE-2017-13078: Mathy Vanhoef of the imec-DistriNet group at KU Leuven

Wi-Fi

Available for: iPhone 7 and later, and iPad Pro 9.7-inch (early 2016) and later

Impact: An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks - KRACK)

Description: A logic issue existed in the handling of state transitions. This was addressed with improved state management.

CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven

Entry updated November 3, 2017

So the first type of KRACK attack does not impact older devices. But what about the second one?
 
Thanks. They've updated the document since I first posted:

WiFi: Available for: iPhone 8, iPhone 8 Plus, and iPhone X
Not impacted: iPhone 7, iPhone 7 Plus, iPhone 6s, iPhone 6s Plus, iPhone 6, iPhone 6 Plus, iPhone SE, iPhone 5s, iPad Air and later, and iPod Touch 6th generation
CVE-2017-13077 and CVE-2017-13078

WiFi: Available for: iPhone 7 and later, and iPad Pro 9.7-inch (early 2016) and later
CVE-2017-13080

https://support.apple.com/kb/HT208222

So it seems reasonably clear for iOS that at least the known exploits are patched (or not vulnerable) for iPhone SE, iPhone 5s, iPhone 6 and later. Still no official statements on some other devices. My Airport Express is quite new and can still be found for sale in the Apple store. Some sort of official statement is needed here.
 
Seems like they basically added another related but separate entry for something additional that was addressed related to KRACK for iPhone 8 and X line of phones in particular, which doesn't impact older devices.
 
But the second Wi-Fi KRACK issue does not say whether older iPhones and iPads are not impacted, which suggests the issue is not resolved.
 
A firmware update for Time Capsules/Airports has just been released. This addresses the KRACK vulnerability. See my earlier tips for installing the update.
 
It had been an entire year since the last firmware update, and some of the stuff fixed was from JUNE. I was really unclear on whether it was still supported, but then they're still selling it in the store, so...

Sadly, a six month lag on fixing something is GOOD by consumer router standards lol

I really like Apple's routers though and wish they'd keep fully supporting them/updating them, but at least for now the current models seem to be supported.
 