Apple Says 'KRACK' Wi-Fi Vulnerabilities Are Already Patched in iOS, macOS, watchOS, and tvOS Betas

Discussion in ' News Discussion' started by MacRumors, Oct 16, 2017.

  1. iapplelove macrumors 601


    Nov 22, 2011
    East Coast USA
    This is also true. However I still stand by the idea, it’s better to update than not. I wait about 24 hours after a fresh update is released then I download.

    Way too many security patches not to update imo.
  2. WannaGoMac macrumors 68020

    Feb 11, 2007
    Apple told these folks their routers appear not to be vulnerable,

    "Update: Apple has told iMore that KRACK has already been fixed in the beta versions of iOS, macOS, watchOS, and tvOS, and that AirPort routers and Time Capusules don't appear to be vulnerable too the exploit."
  3. dumastudetto macrumors 68030

    Aug 28, 2013
    According to the highly technical discussions I've been reading on Ars this is untrue. The fixes for routers address a specific client mode vulnerability in some routers, but will do nothing to protect clients that remain unpatched.

    Apparently the AirPort Extreme doesn't support the specific client mode vulnerable to this attack, so that's why they have been able to tell iMore the device doesn't require patching. But obviously that doesn't mean all the client devices connecting to an AirPort Extreme are safe. Which is why Apple is working on patches for the clients.

    Bottom line - you will have to upgrade to iOS 11 now. Apple will not allow iOS 11 compatible devices to update to a patched 10.3.4, assuming they even issue a patch for older iOS 10 only devices.
  4. Ferc Kast macrumors regular

    Ferc Kast

    Sep 26, 2012
    Ohio, USA
    I thought they called it the iPhone SE
  5. WannaGoMac macrumors 68020

    Feb 11, 2007
    Still not going to upgrade to iOS 11 on my old 6+. I'm ok with the risk as the hack is hardly simple. Additionally, where i use Wifi the signal barely propagates it's so populated,wifi i use is mostly Airport Extremes (not vulnerable), or at work with professional grade Wifi which will also be patched.
  6. urnotl33t macrumors member


    Jan 26, 2017
    Holly Springs, NC, USA
    I'll second this. (i do network security and wifi; see my twitter and linkedin info to confirm). Wherever your web browser is using "https" (where you see that lock icon), you're ok. Banking and credit card transmissions are ok. This is protected by a higher level function (HTTPS, SSL, TLS), so even if your WiFi stuff may be intercepted, the higher level traffic is still secured by another arrangement of trusted communications.

    (I'm being generic for the "gramma" above; and to that Gramma, I'm impressed that you're involved and paying attention to all this, and you should be proud of yourself! Folks like you make me hopeful for our future.)
  7. LotusLord macrumors 6502


    Apr 28, 2008
    The Capital of the Land of Cheese and Beer
    Yes most likely.
  8. John Fridinger macrumors newbie

    Jul 25, 2012
    May I ask of some of you who understand this, is it right to assume that an attacker needs to be within effective wifi range of my home router to accomplish anything, and that in public with my iPhone, if I am not actively connected to a wifi network then there is also no risk? Until all this is patched...? And that even if I do connect to a public wifi network with my iPhone, if I am not doing anything that relates to passwords, card numbers, etc, then there is still no risk of loss of anything other than perhaps a bit of privacy...?
  9. rhoydotp macrumors 6502


    Sep 28, 2006
    Maybe I missed this. Where does the attacker's machine connected to? Does it have to be connected to the same SSID or it's just scanning the air for whatever comes in?

  10. Rigby macrumors 601

    Aug 5, 2008
    San Jose, CA
    Yes and yes.
    Most public Wifi networks don't use WPA2 encryption anyway, and even if they do, you don't know what happens to the data behind the access point. So they are as unsafe as ever and KRACK doesn't really change anything.
  11. dmwinsd macrumors newbie

    Oct 17, 2017
    I think there are also a couple of additional Broadcom WiFi problems not addressed in 10.3.3. We need 10.3.4!
  12. IPadNParadise macrumors 6502


    Jan 12, 2013
    Thank you very much for your comments
  13. Mojo1 macrumors 65816

    Jul 26, 2011
    Feenician is incorrect in saying that a VPN cannot protect against the KRACK exploit. A quick Internet search using "KRACK VPN" turns up multiple sources that confirm that a VPN is one of the easiest ways to protect yourself. Nothing that I have read about KRACK states that the exploit is capable of decrypting encrypted data streams. If Feenician knows something that everyone else does not, he/she should provide links to reputable sources.

    We should all be using a VPN whenever we are online, as it prevents an ISP from logging online activities and selling the data. There are other benefits but that one alone should be enough to convince anyone that a VPN is a low-cost no-brainer.

    I recommend Private Internet Access is the one to use if you want as close to zero logging as possible. Both companies have inexpensive annual subscriptions for OS and iOS devices.
  14. s1m macrumors 6502

    Apr 28, 2008
    When exactly do you want to turn off wifi and Bluetooth but not cellular? I am more inclined to turn off cellular and keep BT/wifi connected than the other way around.
  15. oliversl macrumors 65816

    Jun 29, 2007
  16. nutmac macrumors 68040

    Mar 30, 2004
    There are many misinformation out there, but this much seems to be true.

    From Wi-Fi Security Flaw Not As Bad As It’s KRACKed Up To Be:

    Conversations with a few security experts made it clear that while the Wi-Fi access point side of the equation isn’t at fault for these negotiation flaws, even consumer-scale access points could be updated to block, resist, or report KRACKs. (There’s one exception: corporate-scale access points that support “fast handoff” act a little bit like a client in that mode, and routers with that feature have to be patched, too.)

    So while it's the client devices themselves that are at risk (unless multiple routers are meshed with fast handoff, aka 802.11r), a good router can prevent KRACK altogether.

    AirPort Extreme and Time Capsule are not prone to KRACK themselves. But it is not known whether they can resist KRACK from affecting unpatched client devices.
  17. steve123, Oct 17, 2017
    Last edited: Oct 18, 2017

    steve123 macrumors 6502

    Aug 26, 2007
    The CERT website shows Red Hat patched their stuff Oct 4. Many others patched before the announcement. There is still no patch from Apple.
    --- Post Merged, Oct 17, 2017 ---
    Yeah, their response on this seems odd.
  18. boppin macrumors regular

    Jun 14, 2008
    can anyone tell if there will be a security update for El Cap?

    as far as I remember Apple support it until 2018.
  19. dumastudetto macrumors 68030

    Aug 28, 2013
    I wouldn't be relying on tidbits for security advice. They are good people, but there are far better sources of information when it comes to this kind of thing.

    The researchers behind KRACK make it very clear both client and AP needs to be patched. They have published an FAQ that confirms it. It is the client that is most important to be patched and most vulnerable. I have not seen one shred of credible evidence that suggests this threat can be mitigated by patching only the AP.
  20. seedylee macrumors newbie

    Jul 18, 2017
    They should be rolling out the same security updates for prior major versions, in my opinion. It shouldn't be necessary to upgrade to a new major version, and risk breaking compatibility with applications and other systems, just to remain secure.

    I do wish Apple would stop changing things!
  21. yongtjunkit macrumors member

    Feb 5, 2016
    What about my iPhone 5 running ios 10.3.3?? It doesn't get ios 11.1 not even ios 11.
  22. mi7chy macrumors 601


    Oct 24, 2014
    Windows, Linux and LineageOS Android have already been updated. So much for controlling both hardware and software.
  23. Yvan256 macrumors 601


    Jul 5, 2004

    If we don't like both the software and the hardware, we're supposed to just pack our bags and go elsewhere? That's what's insane about being a Mac user. Wait until Apple makes decisions that affect you and you'll change your tune.
  24. Jayson A macrumors 68000

    Sep 16, 2014
    Which iOS version is patched? I'm not updating to iOS 11. I'm tired of letting Apple slow my devices down artificially.
  25. Roadstar macrumors 65816


    Sep 24, 2006
    Vantaa, Finland
    Only iOS 11.1 beta so far. If you’re not going to update to iOS 11, you’re most likely going to remain vulnerable as it seems like Apple stops caring about older iOS versions the minute a newer version is released.

Share This Page