
Apple releases security updates for devices shortly after releasing another KRACK fix


Apple released security updates for its cellphones, set-top box and Windows iCloud platform shortly after rolling out another patch for the KRACK exploits.

The most recent updates include iOS 11.2.1 and tvOS 11.2.1, which both patch a message handling issue in the respective products that could allow a remote attacker to unexpectedly alter application state, according to a Dec. 13 US-CERT advisory.

The vulnerabilities were addressed with improved input validation. Apple also updated iCloud for Windows, in version 7.2, to address a privacy issue in its use of client certificates. If left unpatched, the flaw would have allowed an attacker in a privileged network position to track a user.

A day earlier, Apple released security fixes for its AirPort Express, AirPort Extreme and AirPort Time Capsule 802.11n and 802.11ac base stations. If left unpatched, these issues would have allowed an attacker on the same Wi-Fi network to force nonce reuse in WPA unicast/PTK clients (the KRACK attacks).
