macOS Sierra, El Capitan security updates patch KRACK Wi-Fi exploit

Posted:
in macOS
On the same day that Apple patched it's front-line operating systems for the KRACK Wi-Fi attack vector, the company has also reached back a bit, and issued security updates for Sierra and El Capitan to fix the problem.




Security updates 2017-001 and 2017-004 for Sierra and El Capitan respectively contain just fixes for the KRACK wi-fi exploit that still plagues Android and router manufacturers since its debut earlier in October. Both updates are available through the Mac App Store.

Apple has issued no comment on patch status for the Airport family. The last firmware update for the Airport Extreme Base Station or Time Capsule was issued in December.

AppleInsider has reached out to Apple for more information regarding the AirPort family of devices, and has not as of yet received a response.

The exploit takes advantage of a four-way handshake between a router and a connecting device to establish the encryption key. Properly executed, the third step can be compromised, resulting in the re-use of an encryption key -- or in some cases in Android and Linux, the establishment of a null key.

The researchers who discovered the attack claim that the exploit completely opens up an Android 6.0 and later devices. Other operating systems, including iOS and macOS are less impacted, but "a large number of packets" can still be decrypted from all.

Both a router and a client device must be susceptible to the KRACK Attack vector for the assault to succeed. If either are patched, then no data can be gleaned from the man-in-the-middle method.

Comments

  • Reply 1 of 6
    sc_marktsc_markt Posts: 1,393member
    Does this exploit exist on Mavericks? Apple didn't fix the keychain issue for Mavericks and this pisses me off...

    I don't want to update to a newer MacOS because they are getting more iOS like. 
  • Reply 2 of 6
    chiachia Posts: 694member
    sc_markt said:
    Does this exploit exist on Mavericks? Apple didn't fix the keychain issue for Mavericks and this pisses me off...

    I don't want to update to a newer MacOS because they are getting more iOS like. 
    I doubt they've fixed it in MacOS 9.1 either.
    There comes a stage when someone has to either move on and progress or stand still and decline.

    If you can run Mavericks on your Mac you can run  definitely run El Capitan and possibly even the current High Sierra.
    You can do everything in El Capitan or High Sierra that you can do in Mavericks and in pretty much the same way too.

    Okay, the aesthetic may look garish to you and whilst it's nice to have as much as possible pleasing to the eye, it's a question of what is of greater priority for you, how things look on your computer or what it enables you to do safely and securely.  Besides, MacOS remains quite customizable in look and feel.
  • Reply 3 of 6
    chia said:
    sc_markt said:
    Does this exploit exist on Mavericks? Apple didn't fix the keychain issue for Mavericks and this pisses me off...

    I don't want to update to a newer MacOS because they are getting more iOS like. 
    I doubt they've fixed it in MacOS 9.1 either.
    There comes a stage when someone has to either move on and progress or stand still and decline.

    If you can run Mavericks on your Mac you can run  definitely run El Capitan and possibly even the current High Sierra.
    You can do everything in El Capitan or High Sierra that you can do in Mavericks and in pretty much the same way too.

    Okay, the aesthetic may look garish to you and whilst it's nice to have as much as possible pleasing to the eye, it's a question of what is of greater priority for you, how things look on your computer or what it enables you to do safely and securely.  Besides, MacOS remains quite customizable in look and feel.
    Garish? Please explain what's garish about it.
  • Reply 4 of 6
    SoliSoli Posts: 8,680member
    What's the over/under on Apple updating their AirPort router firmware to fix this WPA2 (IEEE_802.11i-2004) issue?

    sc_markt said:
    Does this exploit exist on Mavericks? Apple didn't fix the keychain issue for Mavericks and this pisses me off...

    I don't want to update to a newer MacOS because they are getting more iOS like. 
    It exists for all devices that use WPA2 security protocol, but I doubt there will be an update. Keep in mind that Mavericks (10.9) hasn't been updated since 2014 and Macs that support the just released High Sierra (10.13) go back 8 years to 2009. If you're concerned I'd consider having an always-on paid VPN from a reputable vendor, as that will also protect you from this WPA2 bug.
  • Reply 5 of 6
    Security updates 2017-001 and 2017-004 for Sierra and El Capitan respectively contain just fixes for the KRACK wi-fi exploit that still plagues Android and router manufacturers since its debut earlier in October. Both updates are available through the Mac App Store.
    I see that the headline has been changed, but that sentence remains in the story.

    The update for El Cap contains more than 30 other fixes, in addition to the one for KRACK.

    It's not to be missed, even without the KRACK patch.

    chia
  • Reply 6 of 6
    chiachia Posts: 694member
    chia said:
    sc_markt said:
    Does this exploit exist on Mavericks? Apple didn't fix the keychain issue for Mavericks and this pisses me off...

    I don't want to update to a newer MacOS because they are getting more iOS like. 
    If you can run Mavericks on your Mac you can run  definitely run El Capitan and possibly even the current High Sierra.
    You can do everything in El Capitan or High Sierra that you can do in Mavericks and in pretty much the same way too.

    Okay, the aesthetic may look garish to you and whilst it's nice to have as much as possible pleasing to the eye, it's a question of what is of greater priority for you, how things look on your computer or what it enables you to do safely and securely.  Besides, MacOS remains quite customizable in look and feel.
    Garish? Please explain what's garish about it.

    it's been a while since I last used Mavericks and Yosemite  so I've had to refer to the Wikipedia articles about them (OS X Yosemite).
    Apparently the key changes to Yosemite, the next OS after Mavericks, is the aesthetic of the graphic interface looks to bring them in line with how they look in iOS.  Also a change in default system font and the replacement of iPhotos with Photos.  Otherwise conceptually a user interacts with their Mac the same way as before.  I'd go as far as to say that other than clicking the green window button to make a window full-screen, you can interact with High Sierra in exactly the same way you could with the first version of OS X, 10.0 (Cheetah).  Seeing that sc_markt remains on Mavericks and that the change in Yosemite was largely cosmetic or optimisation, the inference is that sc_markt considers later OS X/macOS too garish in looking like iOS to be used.

    Myself personally, I was a bit surprised, even taken aback by the new style introduced by Yosemite, but I've grown used it to the point of even liking it, and I like even more the other new features that make it even easier to get stuff done on my Mac.
Sign In or Register to comment.