Apple Says 'KRACK' Wi-Fi Vulnerabilities Are Already Patched in iOS, macOS, watchOS, and tvOS Betas

Apple has already patched serious vulnerabilities in the WPA2 Wi-Fi standard that protects many modern Wi-Fi networks, the company told iMore's Rene Ritchie this morning.

The exploits have been addressed in the iOS, tvOS, watchOS, and macOS betas that are currently available to developers and will be rolling out to consumers soon.

A KRACK attack proof-of-concept from security researcher Mathy Vanhoef

Disclosed just this morning by researcher Mathy Vanhoef, the WPA2 vulnerabilities affect millions of routers, smartphones, PCs, and other devices, including Apple's Macs, iPhones, and iPads.

Using a key reinstallation attack, or "KRACK," attackers can exploit weaknesses in the WPA2 protocol to decrypt network traffic to sniff out credit card numbers, usernames, passwords, photos, and other sensitive information. With certain network configurations, attackers can also inject data into the network, remotely installing malware and other malicious software.

Because these vulnerabilities affect all devices that use WPA2, this is a serious problem that device manufacturers need to address immediately. Apple is often quick to fix major security exploits, so it is not a surprise that the company has already addressed this particular issue.

Websites that use HTTPS offer an extra layer of security, but an improperly configured site can be exploited to drop HTTPS encryption, so Vanhoef warns that this is not a reliable protection.

Apple's iOS devices (and Windows machines) are not as vulnerable as Macs or devices running Linux or Android because the vulnerability relies on a flaw that allows what's supposed to be a single-use encryption key to be resent and reused more than once, something the iOS operating system does not allow, but there's still a partial vulnerability.

Once patched, devices running iOS, macOS, tvOS, and watchOS will not be able to be exploited using the KRACK method even when connected to a router or access point that is still vulnerable. Still, consumers should watch for firmware updates for all of their devices, including routers.

Ahead of the release of the update that addresses the vulnerabilities, customers who are concerned about attacks should avoid public Wi-Fi networks, use Ethernet where possible, and use a VPN.

Popular Stories

Apple Vision Pro 2 Feature 2

Apple Reportedly Suspends Work on Vision Pro 2

Tuesday June 18, 2024 8:17 am PDT by
Apple has suspended work on the second-generation Vision Pro headset to singularly focus on a cheaper model, The Information reports. Apple was widely believed to have plans to divide its Vision product line into two models, with one "Pro" model and one lower-cost standard model. The company is said to have been deprioritizing the next Vision Pro headset over the past year, gradually...
apple watch series 9 display

Kuo: Apple Watch Series 10 to Get Larger Screen and Thinner Design

Monday June 17, 2024 1:20 am PDT by
This year's Apple Watch Series 10 will be thinner and come in larger screen sizes than previous models, according to Apple analyst Ming-Chi Kuo. In his latest industry note -10-and-98075c44ce92">shared on Medium, Kuo said the screen size options on the next-generation Apple Watch will increase from 41mm to 45mm, and from 45mm to 49mm, while being encased in a thinner design. For reference,...
2022 back to school apple feature

Apple's 2024 Back to School Sale Launching This Week

Monday June 17, 2024 12:27 pm PDT by
Apple will launch its annual Back to School promotion for university students in the United States and Canada this week, according to Bloomberg's Mark Gurman. Apple's back to school sales provide students with a free Apple gift card when purchasing a Mac or an iPad, and this year's promotion could help Apple push the new M2 iPad Air and M4 iPad Pro models. Last year, Apple offered U.S....
Apple Pay Later feature 1

Apple Discontinuing Apple Pay Later

Monday June 17, 2024 11:44 am PDT by
Apple is discontinuing Apple Pay Later, the buy now, pay later feature that it just launched last October. Apple Pay Later is being discontinued as of today, but people who have existing Apple Pay Later loans will be able to continue to pay them off and manage them through the Wallet app. Apple announced plans to end the feature in a statement provided to 9to5Mac, which also notes that...
iOS 18 CarPlay Feature

iOS 18 Adds These 5 New Features to CarPlay

Thursday June 13, 2024 7:44 am PDT by
Apple did not mention CarPlay during its WWDC keynote this week, but iOS 18 includes a handful of new features for the in-car software. Overall, there is not a whole lot new for CarPlay on iOS 18, with changes seemingly limited to the Messages and Settings apps so far. Below, we recap everything new for CarPlay on iOS 18. New for CarPlay on iOS 18 1. Contact Photos in Messages App...
iPod Nano vs iPod Pro Ad Feature 1

Apple Developing Thinner MacBook Pro, Apple Watch, and iPhone

Monday June 17, 2024 2:22 am PDT by
Apple intends to slim down the MacBook Pro, Apple Watch, and iPhone, with the new ultra-thin M4 iPad Pro a sign of the company's new design trajectory, according to Bloomberg's Mark Gurman. When the M4 iPad Pro was unveiled last month, Apple touted it as the company's thinnest product ever, and even compared it to the 2012 iPod nano to emphasize its slim dimensions. Writing in the latest ...
watchOS 11 Thumb 2 1

watchOS 11 Supports Automatic Nap Detection

Monday June 17, 2024 4:05 pm PDT by
watchOS 11 appears to include a new feature that allows an Apple Watch to automatically detect and record when you're taking a nap. As shared on Reddit, an Apple Watch owner took a nap and was able to see the sleep data recorded in the Health app, despite not putting the device in Sleep Mode. Right now, the Apple Watch only tracks and records sleep when it is in Sleep Mode, and there is no...

Top Rated Comments

bookwormsy Avatar
87 months ago
Are they going to release a security update for devices that can't run iOS 11?
Score: 30 Votes (Like | Disagree)
BittenApple Avatar
87 months ago
What about for 32 bit devices ?
Score: 17 Votes (Like | Disagree)
iapplelove Avatar
87 months ago
This is why I keep my devices updated, its worth dealing with a few bugs.
Score: 15 Votes (Like | Disagree)
lkrupp Avatar
87 months ago
The computer industry as a whole needs to do a much better job at security. They need to get it right the first time. Not rely on endless patching. Why? Because there are products out there that might not ever be updated, that a manufacturer has already moved on from. Old TV sets, old phones and operating systems that cannot be upgraded, smoke detectors, door locks, light bulbs, refrigerators,...wifi is used in just about everything now.

Got to get this stuff right to begin with. Too important not to.
Yeah, well Wi-Fi has been around for over ten years now and this flaw has just now been discovered. There is literally NO WAY to “get this stuff right to begin with.” Like I have posted once before I worked for AT&T for 34 years in a telephone central office. Digital telephone switches began to be installed in the 1980s and thirty years later those switches are still being patched almost daily. Software development just doesn’t work the way you are expecting it too. There has never been a piece of software released that didn’t require updating or patching. And there never will be.
Score: 12 Votes (Like | Disagree)
QCassidy352 Avatar
87 months ago
Support for 32-bit has ended. The newest 32-bit device was released in 2013. Sorry, but supporting devices that are over 4 years old just doesn't make sense.

Apple supports their devices FAR LONGER than the industry average. If you're concerned, it might be time to consider upgrading to something a bit newer.
That's a very dismissive attitude. So if my 87 year old grandma is perfectly happy with her iPhone 5, she should be forced to buy a new one so as to have access to a software security patch? And if a few hundred bucks is not in her budget as a retired person then "tough luck, hope you don't get hacked"? Apple is one of the biggest and wealthiest companies in the world. I think they can and should see their way clear to coding a security update for 32 bit devices.

And yes, I do acknowledge that support must be cut off at *some* point. I don't expect a patch for the original iPhone on iOS 3. But I don't think it's unreasonable to expect a patch for A6-based devices, which were sold *new* as late as fall 2015.

This is entirely why I’ve always told people “even if you don’t give a damn another the new features, just update to the newest os as long as your device supports it”. But did anyone listen? No. They just sit back all stubborn until something terrible happens
It's weighing the possibility of something terrible happening against the certainty of subsequent updates slowing my device to a frustrating crawl (see: A5 devices on iOS 9). Not a choice I believe we should have to make. They release security updates for older macOS versions and should do the same for iOS, in my opinion.
Score: 12 Votes (Like | Disagree)
Dwalls90 Avatar
87 months ago
That’s great. But still, Apple needs to change the WiFi toggle behavior in control center for these kinds of things.
Sorry but that is a complete separate complaint.
Score: 10 Votes (Like | Disagree)