Apple has continued to roll out patches to fix the KRACK (Key Reinstallation AttaCKs) series of vulnerabilities, this time in its AirPort Base Station firmware.
The security fixes are for AirPort Express, AirPort Extreme and AirPort Time Capsule 802.11n and 802.11ac base stations. The issue, if left unpatched and exploited, would allow an attacker within Wi-Fi range to force nonce reuse in WPA unicast/PTK clients (the KRACK attacks). The cause is a logic issue in the handling of state transitions, which Apple addressed with improved state management.
The vulnerabilities covered in this release are CVE-2017-13077, CVE-2017-13078 and CVE-2017-13080. All were reported by Mathy Vanhoef of the imec-DistriNet group at KU Leuven.
Apple addressed KRACK vulnerabilities in iOS and macOS in early November.
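To make the nonce reuse and the "improved state management" fix described above concrete, the following added example (not Apple's firmware code, and not from the original article) models a client's key-install step with and without a guard against reinstalling the same PTK. The `Supplicant` class, its fields and the all-zero key are constructed for illustration, and the model leaves out replay counters and the rest of the real 802.11 handshake.

```python
# Simplified, constructed model of a WPA2 client's key-install step.
# Assumption: installing a PTK resets the transmit packet number (the nonce).
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Supplicant:
    hardened: bool
    ptk: Optional[bytes] = None
    tx_pn: int = 0  # packet number, used as the per-frame nonce
    used: List[Tuple[bytes, int]] = field(default_factory=list)

    def on_msg3(self, ptk: bytes) -> None:
        """Handle handshake message 3, which may be a retransmission."""
        if self.hardened and ptk == self.ptk:
            return  # key already installed: leave the counter untouched
        self.ptk = ptk
        self.tx_pn = 0  # (re)installing the key resets the nonce counter

    def send_frame(self) -> Tuple[bytes, int]:
        """Record the (key, nonce) pair that would protect the next frame."""
        self.tx_pn += 1
        pair = (self.ptk, self.tx_pn)
        self.used.append(pair)
        return pair


def reused_nonces(hardened: bool) -> int:
    """Replay message 3 mid-session; count (key, nonce) pairs used twice."""
    ptk = bytes(16)  # constructed placeholder key
    s = Supplicant(hardened)
    s.on_msg3(ptk)
    s.send_frame()
    s.send_frame()
    s.on_msg3(ptk)  # retransmitted message 3 arrives after data was sent
    s.send_frame()
    s.send_frame()
    return len(s.used) - len(set(s.used))


if __name__ == "__main__":
    print("unpatched reused pairs:", reused_nonces(hardened=False))
    print("patched reused pairs:  ", reused_nonces(hardened=True))
```

Any nonzero count means two frames were protected with the same key and nonce, which is the condition the firmware update is meant to rule out.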