macOS Sierra, El Capitan security updates patch KRACK Wi-Fi exploit

article thumbnail

AppleInsider is supported by its audience and may earn commission as an Amazon Associate and affiliate partner on qualifying purchases. These affiliate partnerships do not influence our editorial content.

On the same day that Apple patched it's front-line operating systems for the KRACK Wi-Fi attack vector, the company has also reached back a bit, and issued security updates for Sierra and El Capitan to fix the problem.

Security updates 2017-001 and 2017-004 for Sierra and El Capitan respectively contain just fixes for the KRACK wi-fi exploit that still plagues Android and router manufacturers since its debut earlier in October. Both updates are available through the Mac App Store.

Apple has issued no comment on patch status for the Airport family. The last firmware update for the Airport Extreme Base Station or Time Capsule was issued in December.

AppleInsider has reached out to Apple for more information regarding the AirPort family of devices, and has not as of yet received a response.

The exploit takes advantage of a four-way handshake between a router and a connecting device to establish the encryption key. Properly executed, the third step can be compromised, resulting in the re-use of an encryption key — or in some cases in Android and Linux, the establishment of a null key.

The researchers who discovered the attack claim that the exploit completely opens up an Android 6.0 and later devices. Other operating systems, including iOS and macOS are less impacted, but "a large number of packets" can still be decrypted from all.

Both a router and a client device must be susceptible to the KRACK Attack vector for the assault to succeed. If either are patched, then no data can be gleaned from the man-in-the-middle method.