Update: Apple sent me the following statement on the KRACK exploit, confirming the upcoming patches:
"Apple is deeply committed to protecting our customers' data. The fix for the KRACK WiFi vulnerability is currently in the betas of iOS, macOS, watchOS and tvOS and will soon be rolled out to customers."
KRACK is an exploit that attacks the way WPA2 protects Wi-Fi access points. While it's bad, there are a are a few factors that prevent it from being truly damaging to the state of modern wireless networking.
First, it can be patched. We don't need a new standard like we did when WEP was broken and everyone had to move to WPA2.
From the KRAK Q&A:
implementations can be patched in a backwards-compatible manner. This means a patched client can still communicate with an unpatched access point (AP), and vice versa. In other words, a patched client or access point sends exactly the same handshake messages as before, and at exactly the same moment in time.
Second, in some cases, access points won't need to be updated.
Our main attack is against the 4-way handshake, and does not exploit access points, but instead targets clients. So it might be that your router does not require security updates. We strongly advise you to contact your vendor for more details. In general though, you can try to mitigate attacks against routers and access points by disabling client functionality (which is for example used in repeater modes) and disabling 802.11r (fast roaming).
For example, it's my understanding that Apple's AirPorts, including Express, Extreme, and Time Capsule don't seem be vulnerable to the exploit, even if using one as a bridge.
If you're using a different router, we're maintaining a list of updates that you can consult as needed. If in doubt, contact your vendor directly.
For ordinary home users, your priority should be updating clients such as laptops and smartphones.
Third, Apple has confirmed to me that the KRACK exploit has already been patched in iOS, tvOS, watchOS, and macOS betas.
As soon as the updates leave beta, they'll be pushed out to everyone. We'll have to wait and see how fast other manufacturers are to respond, and how many of our connected devices receive updates.
KRAK attack: Everything you need to know
Updated to reflect the need for both client and point-of-access updates, if and when available.
Waterfield's Air Duffel Carry-On Bag is just the right size for air travel
Waterfield's Air Duffel Carry-On Bag is perfectly sized to fit under the seat on most airlines, so it can count as your personal bag rather than a carry-on. Yet, you can pack a lot into this small duffel bag, making it ideal for air travel.
'Apple Music for Business' to bring licensed music playback to businesses
Apple has announced the launch of its new Apple Music for Business plans, in partnership with PlayNetwork.
Get four free iPhones with T-Mobile on Magenta Friday, Nov. 22
T-Mobile has announced its "on us" promotion for 'Magenta Friday', on November 22. According to their press release, new and existing customers will be able to get up to four iPhone 11 or iPhone XR devices, paying only the sales tax over the course of 24 months.
Great video editing software for your Mac
You don't need to buy expensive video-editing software to get the job done. Here are some of the hottest video-editing software for Mac on the market today.
