
Apple addresses KRACK exploits in AirPort Base Station firmware

Apple has continued to roll out patches to fix the KRACK (Key Reinstallation AttaCKs) series of vulnerabilities, this time in its AirPort Base Station firmware.

The security fixes are for AirPort Express, AirPort Extreme and AirPort Time Capsule 802.11n and 802.11ac base stations. The issue, if left unpatched and exploited, would allow an attacker in Wi-Fi range to force nonce reuse in WPA unicast/PTK clients (KRACK attacks). The flaw stems from a logic issue in the handling of state transitions, which Apple addressed with improved state management.

The vulnerabilities covered in this release are CVE-2017-13077, CVE-2017-13078 and CVE-2017-13080. All were reported by Mathy Vanhoef of the imec-DistriNet group at KU Leuven.

Apple addressed KRACK vulnerabilities in iOS and macOS in early November.
