cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
AJ2
Viewer

KRACK - Apple security notices need more detail

Apple announced new security updates November 1st 2017. This time they explicitly list KRACK fix but only for iPhone 7 and iPad Pro 9.7 inch. Does that mean everything else was already patched or that everything else is vulnerable? Apple need to be specific and clear.

 

Official apple announcement: https://support.apple.com/en-us/HT208222

 

At the bottom of that page: 

 

Wi-Fi

Available for: iPhone 7 and later, and iPad Pro 9.7-inch (early 2016) and later

Impact: An attacker in Wi-Fi range may force nonce reuse in WPA clients (Key Reinstallation Attacks - KRACK)

Description: A logic issue existed in the handling of state transitions. This was addressed with improved state management.

CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven

 

 

1 Reply
kpinkham
Newcomer II

Yes, this is confusing. I am now seeing information for IPhone 8, IPhone 8 plus, and IPhone X at this link (in addition to the original IPhone 7 information). It looks like there are multiple CVE numbers for KRACK (Apple is showing CVE-2017-13080 for the 7 and CVE-2017-13078 and CVE-2017-13079 for the 8 and X) and they are providing information separately.