Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

macOS Sierra, El Capitan security updates patch KRACK Wi-Fi exploit

Mike Wuerthele |

On the same day that Apple patched it's front-line operating systems for the KRACK Wi-Fi attack vector, the company has also reached back a bit, and issued security updates for Sierra and El Capitan to fix the problem.

Security updates 2017-001 and 2017-004 for Sierra and El Capitan respectively contain just fixes for the KRACK wi-fi exploit that still plagues Android and router manufacturers since its debut earlier in October. Both updates are available through the Mac App Store.

Apple has issued no comment on patch status for the Airport family. The last firmware update for the Airport Extreme Base Station or Time Capsule was issued in December.

AppleInsider has reached out to Apple for more information regarding the AirPort family of devices, and has not as of yet received a response.

The exploit takes advantage of a four-way handshake between a router and a connecting device to establish the encryption key. Properly executed, the third step can be compromised, resulting in the re-use of an encryption key — or in some cases in Android and Linux, the establishment of a null key.

The researchers who discovered the attack claim that the exploit completely opens up an Android 6.0 and later devices. Other operating systems, including iOS and macOS are less impacted, but "a large number of packets" can still be decrypted from all.

Both a router and a client device must be susceptible to the KRACK Attack vector for the assault to succeed. If either are patched, then no data can be gleaned from the man-in-the-middle method.

6 Comments

sc_markt 23 Years · 1218 comments
About

Does this exploit exist on Mavericks? Apple didn't fix the keychain issue for Mavericks and this pisses me off...

I don't want to update to a newer MacOS because they are getting more iOS like. 

chia 15 Years · 714 comments
About

sc_markt said:
Does this exploit exist on Mavericks? Apple didn't fix the keychain issue for Mavericks and this pisses me off...

I don't want to update to a newer MacOS because they are getting more iOS like. 

I doubt they've fixed it in MacOS 9.1 either.
There comes a stage when someone has to either move on and progress or stand still and decline.

If you can run Mavericks on your Mac you can run  definitely run El Capitan and possibly even the current High Sierra.
You can do everything in El Capitan or High Sierra that you can do in Mavericks and in pretty much the same way too.

Okay, the aesthetic may look garish to you and whilst it's nice to have as much as possible pleasing to the eye, it's a question of what is of greater priority for you, how things look on your computer or what it enables you to do safely and securely.  Besides, MacOS remains quite customizable in look and feel.

thinkman@chartermi.net 18 Years · 173 comments
About

chia said:
sc_markt said:
Does this exploit exist on Mavericks? Apple didn't fix the keychain issue for Mavericks and this pisses me off...

I don't want to update to a newer MacOS because they are getting more iOS like. 
I doubt they've fixed it in MacOS 9.1 either.
There comes a stage when someone has to either move on and progress or stand still and decline.

If you can run Mavericks on your Mac you can run  definitely run El Capitan and possibly even the current High Sierra.
You can do everything in El Capitan or High Sierra that you can do in Mavericks and in pretty much the same way too.

Okay, the aesthetic may look garish to you and whilst it's nice to have as much as possible pleasing to the eye, it's a question of what is of greater priority for you, how things look on your computer or what it enables you to do safely and securely.  Besides, MacOS remains quite customizable in look and feel.

Garish? Please explain what's garish about it.

Soli 9 Years · 9981 comments
About

What's the over/under on Apple updating their AirPort router firmware to fix this WPA2 (IEEE_802.11i-2004) issue?

sc_markt said:
Does this exploit exist on Mavericks? Apple didn't fix the keychain issue for Mavericks and this pisses me off...

I don't want to update to a newer MacOS because they are getting more iOS like. 

It exists for all devices that use WPA2 security protocol, but I doubt there will be an update. Keep in mind that Mavericks (10.9) hasn't been updated since 2014 and Macs that support the just released High Sierra (10.13) go back 8 years to 2009. If you're concerned I'd consider having an always-on paid VPN from a reputable vendor, as that will also protect you from this WPA2 bug.

citpeks 10 Years · 253 comments
About

Security updates 2017-001 and 2017-004 for Sierra and El Capitan respectively contain just fixes for the KRACK wi-fi exploit that still plagues Android and router manufacturers since its debut earlier in October. Both updates are available through the Mac App Store.

I see that the headline has been changed, but that sentence remains in the story.

The update for El Cap contains more than 30 other fixes, in addition to the one for KRACK.

It's not to be missed, even without the KRACK patch.

Read More on our Forums ->
 

Sponsored Content

article thumbnail

How to stop spam calls and reclaim some sanity on your iPhone

Top Stories

article thumbnail

HomeKit Smart doorbell with Face ID expected by 2026

article thumbnail

How Apple's smart home revolution begins in 2025

article thumbnail

Apple says EU interoperability laws pose severe privacy risks

article thumbnail

Don't believe what you see on TikTok - AirDrop doesn't allow thieves to steal your credit card info

article thumbnail

Holiday 2024 MacBook Buyer's Guide — Which Mac laptop you should buy?

article thumbnail

Holiday coupon: save up to $300 on every 14" & 16" MacBook Pro M4