Sources within the company have stated that the patch to remove hardware susceptibility was included in a "previous" beta of the current range of operating systems, indicating a release before Monday’s batch.
Given that the most recent firmware update for the AirPort routers was released in December of 2016, it's presently unknown as to whether Apple would release a patch for the KRACK exploit for its AirPort routers.
The KRACK exploit itself takes advantage of a four-way handshake between a router and a connecting device to establish the encryption key. Properly executed, the third step can be compromised, resulting in the re-use of an encryption key —or in some cases in Android and Linux, the establishment of a null key.
Security researchers have claimed that the attack vector has been opened up in Android 6.0 or later devices. Other operating systems, including iOS and macOS are less impacted, but "a large number of packets" can still be decrypted from all.
The attack uses one or more of 10 different exploits. The details of the exploit were submitted for review on May 19th, and a conference presentation will be delivered on November 1st.
Stay tuned for additional details as they become available. (via Chris Barylick/powerpage.org)
