Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Network Security, Security Strategy, Plan, Budget, Vulnerability Management, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Apple addresses KRACK exploits in iOS and macOS updates


Apple has finally addressed the KRACK vulnerabilities in its latest macOS High Sierra, Sierra, El Capitan, iOS 11.1, tvOS and watchOS .

Discovered last month, KRACK (Key Reinstallation AttaCKs) is series of related vulnerabilities that affect every device using WPA2 encryption could allow nearby attackers to intercept and steal data transmitted across a Wi-Fi network.

The latest iOS update includes patches for 13 bugs in Webkit, and other fixes in the kernel, iMessages, Siri, UIKit, StreamingZip, and CoreText. The MacOS updates included several kernel patches and nearly 90 CVE vulnerabilities were addressed with tcpdump.

Apple also released updates for Cloud for Windows 7.1, iTunes 12.7.1 for Windows, and Safari 11.1.

An attacker would need to be within Wi-Fi range in order to compromise a client as the vulnerability and US-CERT encourages users and administrators to review Apple security pages for the following products and apply the necessary updates.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.