Apple putties Krack in macOS, iOS

Credit to Author: Gregg Keizer | Date: Tue, 31 Oct 2017 17:06:00 -0700

Apple on Tuesday patched both macOS and iOS against serious vulnerabilities in the Wi-Fi Protected Access II (WPA2) protocol used to secure wireless networks.

Information about the flaws, dubbed “Krack” by their Belgian discoverer, made news earlier in the month when security researcher Mathy Vanhoef announced weaknesses in WPA2 that could allow criminals to read information transmitted over a Wi-Fi network thought to be encrypted.

Krack, said Vanhoef, stood for “Key Reinstallation Attacks.”

The macOS 10.13.1 and iOS 11.1 updates addressed the Krack vulnerabilities, as well as a slew of others. The Mac update fixed a whopping 148 flaws, while the iPhone and iPad update quashed 20 bugs. The bulk of the macOS patches – 90 of the total – plugged holes in “tcpdump,” an open-source network packet analyzer that’s baked into the operating system.

As is Apple’s practice, the Mac patches were issued for the three newest versions of the operating system: this year’s High Sierra, last year’s Sierra and 2015’s El Capitan.

Microsoft patched the Krack vulnerabilities in Windows three weeks ago.

Vanhoef and a colleague, Frank Piessens, will present a paper on Krack Nov. 1, at a conference in Dallas, Texas. The paper can be found here.

Apple also patched 15 vulnerabilities in the desktop version of its Safari browser, raising the version number to 11.1. The iOS update dealt with 13 of the same bugs in the iPhone/iPad edition of Safari.

The iOS, macOS and Sierra updates will be automatically offered on the appropriate devices. Users can manually trigger an update on a Mac by selecting “App Store” from the Apple menu, then choosing “Updates” from the row of icons at the top of the store’s window. On iPhones and iPads, users can begin an update by touching “Settings,” then “General,” then “Software Update.”
