Amid rumors that Apple has ceased development of new Wi-Fi routers, the company on Tuesday pushed out an update for existing AirPort devices that patches a critical "KRACK Attack" vulnerability made public earlier this year.
In a product security email sent out to customers, Apple notes today's latest AirPort firmware versions, 7.7.9 and 7.6.9, address the Key Reinstallation Attack (KRACK) exploit first publicized in October.
According to US-CERT, the KRACK vulnerability opens nearly all consumer devices using the WPA-2 protocol to packet decrypting. Leveraging "several key management vulnerabilities," nefarious agents could conduct a man-in-the-middle assault to glean sensitive information from a target computer, including passwords, financial information and more.
Apple largely dealt with the issue in in October, shortly after KRACK was made public, by patching its major operating systems, iOS, macOS, tvOS and watchOS. The company left AirPort devices without a fix, and did not say when, or if, an update would be made available.
Since both a router and client device need to be susceptible to the vulnerability for an attack to succeed, fixing one or the other solves the problem. Still, patching both ends of a Wi-Fi system is ideal.
Today's AirPort update also addresses a memory corruption issue with 802.11ac base stations that could allow an attacker to execute arbitrary code on the device's Wi-Fi chip.
Both firmware versions can be downloaded and installed through Apple's AirPort Utility on iOS or macOS. Version 7.7.9 applies to 802.11ac hardware, while the 7.6.9 version is available for 802.11n devices.
It remains unclear why it took Apple nearly two months to push out an AirPort fix for KRACK, but reports claim the company disbanded its router division last year. Engineers working on AirPort hardware are now working with other teams within Apple, including Apple TV development.