Now-Fixed WiFi Vulnerability Left Apple Devices Open to Attack

by

A vulnerability in WiFi chips made by Cypress Semiconductor and Broadcom left billions of devices susceptible to an attack that allowed nearby attackers to decrypt sensitive data sent over the air.

ipad iphone duo ios 12
The security flaw was detailed at the RSA security conference today (via Ars Technica), and for Apple users, the issue was addressed in the iOS 13.2 and macOS 10.15.1 updates that were released back in late October.

Dubbed Kr00k, the WiFi chip flaw caused vulnerable devices to use an all-zero encryption key to encrypt part of a user's communications. When applied successfully, the attack let hackers decrypt some wireless network packets sent by a vulnerable device. As described by Ars Technica:

Kr00k exploits a weakness that occurs when wireless devices disassociate from a wireless access point. If either the end-user device or the access point is vulnerable, it will put any unsent data frames into a transmit buffer and then send them over the air. Rather than encrypt this data with the session key negotiated earlier and used during the normal connection, vulnerable devices use a key consisting of all zeros, a move that makes decryption trivial.

Chips from Broadcom and Cypress are used in many modern WiFi devices like smartphones, laptops, Internet of Things products, WiFi access points, and routers.

Our tests confirmed that prior to patching, some client devices by Amazon (Echo, Kindle), Apple (iPhone, iPad, MacBook), Google (Nexus), Samsung (Galaxy), Raspberry (Pi 3), Xiaomi (RedMi), as well as some access points by Asus and Huawei, were vulnerable to KrØØk. This totaled to over a billion Wi-Fi-capable devices and access points, at a conservative estimate. Further, many other vendors whose products we did not test also use the affected chipsets in their devices.

According to ESET Research, which published details on the vulnerability, it was disclosed to Broadcom and Cypress along with potentially affected parties. At this time, patches for devices from most major manufacturers have been released.

ESET Research recommends making sure all of the latest updates have been applied to WiFi capable devices to patch the vulnerability.

Popular Stories

M5 MacBook Pro

Apple Announces New 14-Inch MacBook Pro With M5 Chip

Wednesday October 15, 2025 6:07 am PDT by
Apple today updated the 14-inch MacBook Pro base model with its new M5 chip, which is also available in updated iPad Pro and Vision Pro models. In addition, the base 14-inch MacBook Pro can now be configured with up to 4TB of storage on Apple's online store, whereas the previous model maxed out at 2TB. However, the maximum amount of unified RAM available for this model remains 32GB. Like...
Read Full Article276 comments
Apple iPad Pro hero M5

Apple Debuts New iPad Pro With M5 Chip, Faster Charging, and More

Wednesday October 15, 2025 6:16 am PDT by
Apple today announced the next-generation iPad Pro, featuring the custom-designed M5, C1X, and N1 chips. The M5 chip has up to a 10-core CPU, with four performance cores and six efficiency cores. It features a next-generation GPU with Neural Accelerator in each core, allowing the new iPad Pro to deliver up to 3.5x the AI performance than the previous model, and a third-generation ray-tracing ...
Read Full Article282 comments
iphone air thickness

Apple Said to Cut iPhone Air Production Amid Underwhelming Sales

Friday October 17, 2025 8:29 am PDT by
Apple plans to cut production of the iPhone Air amid underwhelming sales performance, Japan's Mizuho Securities believes (via The Elec). The Japanese investment banking and securities firm claims that the iPhone 17 Pro and iPhone 17 Pro Max are seeing higher sales than their predecessors during the same period last year, while the standard iPhone 17 is a major success, performing...
Read Full Article452 comments
maxresdefault

Here's Everything Apple Announced Today

Wednesday October 15, 2025 3:54 pm PDT by
We didn't get a second fall event this year, but Apple did unveil updated products with a series of press releases that went out today. The M5 chip made an appearance in new MacBook Pro, Vision Pro, and iPad Pro models. Subscribe to the MacRumors YouTube channel for more videos. We've rounded up our coverage and highlighted the main feature changes for each device below. MacBook Pro M5...
Read Full Article85 comments
HomePod mini and Apple TV

Apple's Next Rumored Products: New HomePod Mini, Apple TV, and More

Thursday October 16, 2025 9:13 am PDT by
Apple on Wednesday updated the 14-inch MacBook Pro, iPad Pro, and Vision Pro with its next-generation M5 chip, but previous rumors have indicated that the company still plans to announce at least a few additional products before the end of the year. The following Apple products have at one point been rumored to be updated in 2025, although it is unclear if the timeframe for any of them has...
Read Full Article88 comments
14 inch MacBook Pro Keyboard

New 14-Inch MacBook Pro Has Two Key Upgrades Beyond the M5 Chip

Thursday October 16, 2025 8:31 am PDT by
Apple on Wednesday updated the 14-inch MacBook Pro base model with an M5 chip, and there are two key storage-related upgrades beyond that chip bump. First, Apple says the new 14-inch MacBook Pro offers up to 2× faster SSD performance than the equivalent previous-generation model, so read and write speeds should get a significant boost. Apple says it is using "the latest storage technology," ...
Read Full Article64 comments
Vision Pro M5 Announcement

Apple Updates Vision Pro With M5 Chip, Dual Knit Band, and 120Hz Support

Wednesday October 15, 2025 6:14 am PDT by
Apple today updated the Vision Pro headset with its next-generation M5 chip for faster performance, and a more comfortable Dual Knit Band. The M5 chip has a 10-core CPU, a 10-core GPU with Neural Accelerators, and a 16-core Neural Engine, and we have confirmed the Vision Pro still has 16GB of RAM. With the M5 chip, the Vision Pro offers faster performance and longer battery life compared...
Read Full Article254 comments
MacBook Pro M5 Screen

New MacBook Pro Does Not Include a Charger in the Box in Europe

Wednesday October 15, 2025 6:59 am PDT by
The new 14-inch MacBook Pro with an M5 chip does not include a charger in the box in European countries, including the U.K., Ireland, Germany, Italy, France, Spain, the Netherlands, Norway, and others, according to Apple's online store. In the U.S. and all other countries outside of Europe, the new MacBook Pro comes with Apple's 70W USB-C Power Adapter, but European customers miss out....
Read Full Article505 comments
iOS 26

iOS 26.0.2 Update for iPhones Coming Soon

Friday October 17, 2025 7:35 am PDT by
Apple's software engineers continue to internally test iOS 26.0.2, according to MacRumors logs, which have been a reliable indicator of upcoming iOS versions. iOS 26.0.2 will be a minor update that addresses bugs and/or security vulnerabilities, but we do not know any specific details yet. The update will likely be released by the end of next week. Last month, Apple released iOS 26.0.1,...
Read Full Article46 comments
airpods max 2024 colors

AirPods Max 2: Everything We Know So Far

Tuesday October 14, 2025 8:43 am PDT by
Apple's AirPods Max have now been available for almost five years, so what do we know about the second-generation version? According to Apple supply chain analyst Ming-Chi Kuo, the new AirPods Max will be lighter than the current ones, but exactly how much is as yet known. The current AirPods Max weigh 0.85 pounds (386.2 grams), excluding the charging case, making it one of the heavier...
Read Full Article90 comments

Top Rated Comments

Cosmosent Avatar
Cosmosent
74 months ago
Anybody know if it's fixed in Mojave 10.14.6 ?
Score: 5 Votes (Like | Disagree)
now i see it Avatar
now i see it
74 months ago
but we were assured that iOS devices were secure...
Score: 5 Votes (Like | Disagree)
cmaier Avatar
cmaier
74 months ago

They are as secure as anything else. But Apple designs some of their chips, they don't make them. Contractors do. So the vulnerabilities can still be introduced into the supply chain through the same vector; chip providers... just like the vulnerabilities can be introduced by Apple themselves... or the chip makers suppliers... or...

Most of this stuff is scarier in theory than in practice.
It would be very unlikely for a vulnerability that does not exist in the design to exist in the manufactured silicon. When we design chips, and have them made, we test them extremely thoroughly to make sure they behave identically to the RTL and simulated netlist.

And since the manufacturer does not have a simulate-able netlist, it would be very difficult to introduce intentional flaws while still maintaining full functionality so as to fool this testing.
Score: 4 Votes (Like | Disagree)
1345873 Avatar
1345873
74 months ago

Anybody know if it's fixed in Mojave 10.14.6 ?
it's not there, no problem with Mojave and WiFi..

why the angry faces? Apple hasn’t confirmed it, so there’s no problem..
Score: 4 Votes (Like | Disagree)
allpar Avatar
allpar
74 months ago

this is why you keep your devices updated because of security risks - most people forget that
Yeah, well, if they make new versions compatible with old software, I can do that, but I'm not spending ten grand to move to Catalina.
Score: 3 Votes (Like | Disagree)
iapplelove Avatar
iapplelove
74 months ago

No we were assured that “what happens on the iPhone stays in the iPhone” and “it just works”.
I never understood the “ what happens on my iPhone stays on my iPhone” campaign.
Doesnt make much sense to me when I rely on iCloud so much.
Score: 3 Votes (Like | Disagree)
Read All Comments