macOS Sierra, El Capitan security updates patch KRACK Wi-Fi exploit

On the same day that Apple patched it's front-line operating systems for the KRACK Wi-Fi attack vector, the company has also reached back a bit, and issued security updates for Sierra and El Capitan to fix the problem.

Security updates 2017-001 and 2017-004 for Sierra and El Capitan respectively contain just fixes for the KRACK wi-fi exploit that still plagues Android and router manufacturers since its debut earlier in October. Both updates are available through the Mac App Store.

Apple has issued no comment on patch status for the Airport family. The last firmware update for the Airport Extreme Base Station or Time Capsule was issued in December.

AppleInsider has reached out to Apple for more information regarding the AirPort family of devices, and has not as of yet received a response.

The exploit takes advantage of a four-way handshake between a router and a connecting device to establish the encryption key. Properly executed, the third step can be compromised, resulting in the re-use of an encryption key — or in some cases in Android and Linux, the establishment of a null key.

The researchers who discovered the attack claim that the exploit completely opens up an Android 6.0 and later devices. Other operating systems, including iOS and macOS are less impacted, but "a large number of packets" can still be decrypted from all.

Both a router and a client device must be susceptible to the KRACK Attack vector for the assault to succeed. If either are patched, then no data can be gleaned from the man-in-the-middle method.

6 Comments

sc_markt 1218 comments · 23 Years

About 7 years ago

Does this exploit exist on Mavericks? Apple didn't fix the keychain issue for Mavericks and this pisses me off...

I don't want to update to a newer MacOS because they are getting more iOS like.

chia 714 comments · 15 Years

About 7 years ago

sc_markt said:

Does this exploit exist on Mavericks? Apple didn't fix the keychain issue for Mavericks and this pisses me off...

I don't want to update to a newer MacOS because they are getting more iOS like.

I doubt they've fixed it in MacOS 9.1 either.
There comes a stage when someone has to either move on and progress or stand still and decline.

If you can run Mavericks on your Mac you can run definitely run El Capitan and possibly even the current High Sierra.
You can do everything in El Capitan or High Sierra that you can do in Mavericks and in pretty much the same way too.

Okay, the aesthetic may look garish to you and whilst it's nice to have as much as possible pleasing to the eye, it's a question of what is of greater priority for you, how things look on your computer or what it enables you to do safely and securely. Besides, MacOS remains quite customizable in look and feel.

thinkman@chartermi.net 173 comments · 18 Years

About 7 years ago

chia said:

sc_markt said:

Does this exploit exist on Mavericks? Apple didn't fix the keychain issue for Mavericks and this pisses me off...

I don't want to update to a newer MacOS because they are getting more iOS like.

I doubt they've fixed it in MacOS 9.1 either.
There comes a stage when someone has to either move on and progress or stand still and decline.

If you can run Mavericks on your Mac you can run definitely run El Capitan and possibly even the current High Sierra.
You can do everything in El Capitan or High Sierra that you can do in Mavericks and in pretty much the same way too.

Okay, the aesthetic may look garish to you and whilst it's nice to have as much as possible pleasing to the eye, it's a question of what is of greater priority for you, how things look on your computer or what it enables you to do safely and securely. Besides, MacOS remains quite customizable in look and feel.

Garish? Please explain what's garish about it.

Soli 9981 comments · 9 Years

About 7 years ago

What's the over/under on Apple updating their AirPort router firmware to fix this WPA2 (IEEE_802.11i-2004) issue?

sc_markt said:

Does this exploit exist on Mavericks? Apple didn't fix the keychain issue for Mavericks and this pisses me off...

I don't want to update to a newer MacOS because they are getting more iOS like.

It exists for all devices that use WPA2 security protocol, but I doubt there will be an update. Keep in mind that Mavericks (10.9) hasn't been updated since 2014 and Macs that support the just released High Sierra (10.13) go back 8 years to 2009. If you're concerned I'd consider having an always-on paid VPN from a reputable vendor, as that will also protect you from this WPA2 bug.

citpeks 253 comments · 10 Years

About 7 years ago

AppleInsider said:

Security updates 2017-001 and 2017-004 for Sierra and El Capitan respectively contain just fixes for the KRACK wi-fi exploit that still plagues Android and router manufacturers since its debut earlier in October. Both updates are available through the Mac App Store.

I see that the headline has been changed, but that sentence remains in the story.

The update for El Cap contains more than 30 other fixes, in addition to the one for KRACK.

It's not to be missed, even without the KRACK patch.