Apple released updated versions of its mobile iOS and desktop macOS operating systems on Oct. 31, patching a critical WiFi security vulnerability known as KRACK that was first publicly disclosed on Oct. 16.
The iOS 11.1 and macOS 10.13.1 updates patch multiple software flaws associated with the KRACK WiFi vulnerability disclosure. KRACK is an acronym for Key Reinstallation Attacks and was discovered by security researcher Mathy Vanhoef working at Belgian University KU Leuven.
“An attacker in Wi-Fi range may force nonce reuse in WPA clients (Key Reinstallation Attacks – KRACK),” Apple warned in both its iOS and macOS security advisories.
KRACK is actually a series of related vulnerabilities that could enable an attacker to reuse or replay WPA2 WiFi encryption handshake keys to gain access to an encrypted WiFi data stream.
“Attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted,” the KRACK vulnerability disclosure warns. “The attack works against all modern protected WiFi networks.”
iOS 11.1 patches a single KRACK vulnerability identified as CVE-2017-13080, while macOS 10.13.1 patches three KRACK issues (CVE-2017-13077, CVE-2017-13078 and CVE-2017-13080).
“A logic issue existed in the handling of state transitions,” Apple’s advisory warned about the KRACK issues. “This was addressed with improved state management.”
Although KRACK was publicly disclosed on Oct.16, Vanhoef worked with CERT/CC to conduct a coordinated private disclosure that was sent out to impacted vendors, including Apple, on Aug. 28. A number of vendors, including Aruba, Cisco, Red Hat, Juniper Networks, ZyXEL, Samsung, Intel and Microsoft, had a patch for KRACK on or before Oct. 16. While Apple is one of the last major vendors to patch for the KRACK vulnerability, to date there have been no major reports of any known attacks in the wild.
KRACK isn’t the only vulnerability patched in iOS 11.1. Thirteen other flaws, of which six are memory corruption issues in the WebKit browser rendering engine, were also patched. macOS 10.13.1, meanwhile, has patches for 146 identified vulnerabilities in total. The majority of those vulnerabilities are being resolved with updated packages for the tcpdump networking library, which had 88 flaws.
Among the interesting updates in macOS 10.13.1 is one for the 802.1X protocol authentication library identified as CVE-2017-13832 that was due to the use of Transport Layer Security (TLS) 1.0. TLS 1.0 is an older encryption standard that has multiple known and publicly exploited vulnerabilities.
“An attacker may be able to exploit weaknesses in TLS 1.0,” Apple’s advisory warns. “A protocol security issue was addressed by enabling TLS 1.1 and TLS 1.2.”
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.