Apple Says 'KRACK' Wi-Fi Vulnerabilities Are Already Patched in iOS, macOS, watchOS, and tvOS Betas

Discussion in 'MacRumors.com News Discussion' started by MacRumors, Oct 16, 2017.

  1. iapplelove macrumors 601

    Joined:
    Nov 22, 2011
    Location:
    East Coast USA
    #176
    This is also true. However I still stand by the idea, it’s better to update than not. I wait about 24 hours after a fresh update is released then I download.

    Way too many security patches not to update imo.
     
  2. WannaGoMac macrumors 68020

    Joined:
    Feb 11, 2007
    #177
    Apple told these folks their routers appear not to be vulnerable,

    https://www.imore.com/krack

    "Update: Apple has told iMore that KRACK has already been fixed in the beta versions of iOS, macOS, watchOS, and tvOS, and that AirPort routers and Time Capsules don't appear to be vulnerable to the exploit."
     
  3. dumastudetto macrumors 68030

    Joined:
    Aug 28, 2013
    #178
    According to the highly technical discussions I've been reading on Ars this is untrue. The fixes for routers address a specific client mode vulnerability in some routers, but will do nothing to protect clients that remain unpatched.

    Apparently the AirPort Extreme doesn't support the specific client mode vulnerable to this attack, so that's why they have been able to tell iMore the device doesn't require patching. But obviously that doesn't mean all the client devices connecting to an AirPort Extreme are safe. Which is why Apple is working on patches for the clients.

    Bottom line - you will have to upgrade to iOS 11 now. Apple will not allow iOS 11 compatible devices to update to a patched 10.3.4, assuming they even issue a patch for older iOS 10 only devices.
     
  4. Ferc Kast macrumors regular

    Joined:
    Sep 26, 2012
    Location:
    Ohio, USA
    #179
    I thought they called it the iPhone SE
     
  5. WannaGoMac macrumors 68020

    Joined:
    Feb 11, 2007
    #180
    Still not going to upgrade to iOS 11 on my old 6+. I'm ok with the risk as the hack is hardly simple. Additionally, where I use Wifi the signal barely propagates it's so populated, wifi I use is mostly Airport Extremes (not vulnerable), or at work with professional grade Wifi which will also be patched.
     
  6. urnotl33t macrumors member

    Joined:
    Jan 26, 2017
    Location:
    Holly Springs, NC, USA
    #181
    I'll second this. (I do network security and wifi; see my twitter and linkedin info to confirm). Wherever your web browser is using "https" (where you see that lock icon), you're ok. Banking and credit card transmissions are ok. This is protected by a higher level function (HTTPS, SSL, TLS), so even if your WiFi stuff may be intercepted, the higher level traffic is still secured by another arrangement of trusted communications.

    (I'm being generic for the "gramma" above; and to that Gramma, I'm impressed that you're involved and paying attention to all this, and you should be proud of yourself! Folks like you make me hopeful for our future.)
     
  7. LotusLord macrumors 6502

    Joined:
    Apr 28, 2008
    Location:
    The Capital of the Land of Cheese and Beer
    #182
    Yes most likely.
     
  8. John Fridinger macrumors newbie

    Joined:
    Jul 25, 2012
    #183
    May I ask of some of you who understand this, is it right to assume that an attacker needs to be within effective wifi range of my home router to accomplish anything, and that in public with my iPhone, if I am not actively connected to a wifi network then there is also no risk? Until all this is patched...? And that even if I do connect to a public wifi network with my iPhone, if I am not doing anything that relates to passwords, card numbers, etc, then there is still no risk of loss of anything other than perhaps a bit of privacy...?
     
  9. rhoydotp macrumors 6502

    Joined:
    Sep 28, 2006
    #184
    Maybe I missed this. Where is the attacker's machine connected to? Does it have to be connected to the same SSID or is it just scanning the air for whatever comes in?

    Thanks
     
  10. Rigby macrumors 601

    Joined:
    Aug 5, 2008
    Location:
    San Jose, CA
    #185
    Yes and yes.
    Most public Wifi networks don't use WPA2 encryption anyway, and even if they do, you don't know what happens to the data behind the access point. So they are as unsafe as ever and KRACK doesn't really change anything.
     
  11. dmwinsd macrumors newbie

    Joined:
    Oct 17, 2017
    #186
    I think there are also a couple of additional Broadcom WiFi problems not addressed in 10.3.3. We need 10.3.4!
     
  12. IPadNParadise macrumors 6502

    Joined:
    Jan 12, 2013
    #187
    Thank you very much for your comments
     
  13. Mojo1 macrumors 65816

    Joined:
    Jul 26, 2011
    #188
    Feenician is incorrect in saying that a VPN cannot protect against the KRACK exploit. A quick Internet search using "KRACK VPN" turns up multiple sources that confirm that a VPN is one of the easiest ways to protect yourself. Nothing that I have read about KRACK states that the exploit is capable of decrypting encrypted data streams. If Feenician knows something that everyone else does not, he/she should provide links to reputable sources.

    We should all be using a VPN whenever we are online, as it prevents an ISP from logging online activities and selling the data. There are other benefits but that one alone should be enough to convince anyone that a VPN is a low-cost no-brainer.

    I recommend Witopia.net. Private Internet Access is the one to use if you want as close to zero logging as possible. Both companies have inexpensive annual subscriptions for OS and iOS devices.
     
  14. s1m macrumors 6502

    Joined:
    Apr 28, 2008
    #189
    When exactly do you want to turn off wifi and Bluetooth but not cellular? I am more inclined to turn off cellular and keep BT/wifi connected than the other way around.
     
  15. oliversl macrumors 65816

    Joined:
    Jun 29, 2007
  16. nutmac macrumors 68040

    Joined:
    Mar 30, 2004
    #191
    There is much misinformation out there, but this much seems to be true.

    From Wi-Fi Security Flaw Not As Bad As It’s KRACKed Up To Be:

    Conversations with a few security experts made it clear that while the Wi-Fi access point side of the equation isn’t at fault for these negotiation flaws, even consumer-scale access points could be updated to block, resist, or report KRACKs. (There’s one exception: corporate-scale access points that support “fast handoff” act a little bit like a client in that mode, and routers with that feature have to be patched, too.)

    So while it's the client devices themselves that are at risk (unless multiple routers are meshed with fast handoff, aka 802.11r), a good router can prevent KRACK altogether.

    AirPort Extreme and Time Capsule are not prone to KRACK themselves. But it is not known whether they can resist KRACK from affecting unpatched client devices.
     
  17. steve123, Oct 17, 2017
    Last edited: Oct 18, 2017

    steve123 macrumors 6502

    Joined:
    Aug 26, 2007
    #192
    The CERT website shows Red Hat patched their stuff Oct 4. Many others patched before the announcement. There is still no patch from Apple.
    --- Post Merged, Oct 17, 2017 ---
    Yeah, their response on this seems odd.
     
  18. boppin macrumors regular

    Joined:
    Jun 14, 2008
    Location:
    Germany
    #193
    Can anyone tell if there will be a security update for El Cap?

    As far as I remember Apple supports it until 2018.
     
  19. dumastudetto macrumors 68030

    Joined:
    Aug 28, 2013
    #194
    I wouldn't be relying on tidbits for security advice. They are good people, but there are far better sources of information when it comes to this kind of thing.

    The researchers behind KRACK make it very clear both client and AP need to be patched. They have published an FAQ that confirms it. It is the client that is most important to be patched and most vulnerable. I have not seen one shred of credible evidence that suggests this threat can be mitigated by patching only the AP.
     
  20. seedylee macrumors newbie

    Joined:
    Jul 18, 2017
    #195
    They should be rolling out the same security updates for prior major versions, in my opinion. It shouldn't be necessary to upgrade to a new major version, and risk breaking compatibility with applications and other systems, just to remain secure.

    I do wish Apple would stop changing things!
     
  21. yongtjunkit macrumors member

    Joined:
    Feb 5, 2016
    #196
    What about my iPhone 5 running iOS 10.3.3?? It doesn't get iOS 11.1, not even iOS 11.
     
  22. mi7chy macrumors 601

    Joined:
    Oct 24, 2014
    #197
    Windows, Linux and LineageOS Android have already been updated. So much for controlling both hardware and software.
     
  23. Yvan256 macrumors 601

    Joined:
    Jul 5, 2004
    Location:
    Canada
    #198

    If we don't like both the software and the hardware, we're supposed to just pack our bags and go elsewhere? That's what's insane about being a Mac user. Wait until Apple makes decisions that affect you and you'll change your tune.
     
  24. Jayson A macrumors 68000

    Joined:
    Sep 16, 2014
    #199
    Which iOS version is patched? I'm not updating to iOS 11. I'm tired of letting Apple slow my devices down artificially.
     
  25. Roadstar macrumors 65816

    Joined:
    Sep 24, 2006
    Location:
    Vantaa, Finland
    #200
    Only iOS 11.1 beta so far. If you’re not going to update to iOS 11, you’re most likely going to remain vulnerable as it seems like Apple stops caring about older iOS versions the minute a newer version is released.
     
