Apple putties Krack in macOS, iOS

The company patched both macOS and iOS against flaws in the WPA2 protocol that secures wireless networks. The macOS update alone patched a whopping 148 flaws, while the iOS update squashed 20 bugs.

thinkstockphotos 499123970 laptop security

Apple on Tuesday patched both macOS and iOS against serious vulnerabilities in the Wi-Fi Protected Access II (WPA2) protocol used to secure wireless networks.

Information about the flaws, dubbed "Krack" by their Belgian discoverer, made news earlier in the month when security researcher Mathy Vanhoef announced weaknesses in WPA2 that could allow criminals to read information transmitted over a Wi-Fi network thought to be encrypted.

Krack, said Vanhoef, stood for "Key Reinstallation Attacks."

The macOS 10.13.1 and iOS 11.1 updates addressed the Krack vulnerabilities, as well as a slew of others. The Mac update fixed a whopping 148 flaws, while the iPhone and iPad update quashed 20 bugs. The bulk of the macOS patches - 90 of the total - plugged holes in "tcpdump," an open-source network packet analyzer that's baked into the operating system.

As is Apple's practice, the Mac patches were issued for the three newest versions of the operating system: this year's High Sierra, last year's Sierra and 2015's El Capitan.

Microsoft patched the Krack vulnerabilities in Windows three weeks ago.

Vanhoef and a colleague, Frank Piessens, will present a paper on Krack Nov. 1, at a conference in Dallas, Texas. The paper can be found here.

Apple also patched 15 vulnerabilities in the desktop version of its Safari browser, raising the version number to 11.1. The iOS update dealt with 13 of the same bugs in the iPhone/iPad edition of Safari.

The iOS, macOS and Sierra updates will be automatically offered on the appropriate devices. Users can manually trigger an update on a Mac by selecting "App Store" from the Apple menu, then choosing "Updates" from the row of icons at the top of the store's window. On iPhones and iPads, users can begin an update by touching "Settings," then "General," then "Software Update."


Copyright © 2017 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon