Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

Apple Patches KRACK Flaws in Boot Camp

Apple has released an update for its Boot Camp utility to address vulnerabilities related to the wireless Key Reinstallation Attacks (KRACK) that were disclosed late last year.

Apple has released an update for its Boot Camp utility to address vulnerabilities related to the wireless Key Reinstallation Attacks (KRACK) that were disclosed late last year.

 A total of 10 KRACK vulnerabilities were disclosed in October 2017, all impacting the Wi-Fi standard itself and rendering all Wi-Fi Protected Access II (WPA2) protocol implementations vulnerable. The new type of attack also impacts industrial networking devices.

An attacker looking to exploit the vulnerabilities would need manipulate replay handshake messages to trick the victim into reinstalling an already-in-use key. An attacker within Wi-Fi range of a victim would then have access to information previously assumed to be safely encrypted.

Vendors raced to patch the flaws, and Apple themselves released a fist set of KRACK-related patches in October last year, for iOS, macOS, tvOS, and watchOS devices. The company also addressed the bugs in Apple Watch and AirPort Base Station Firmware.

Apple is now pushing a fix for Boot Camp, the multi-boot utility included in macOS that allows users install Microsoft Windows operating systems on Intel-based Macs.

Advertisement. Scroll to continue reading.

With the release of a Wi-Fi Update for Boot Camp 6.4.0 last week, the Cupertino-based tech giant is addressing a total of three KRACK-released flaws, which are tracked as CVE-2017-13077, CVE-2017-13078, and CVE-2017-13080.

By targeting vulnerable devices, an attacker in Wi-Fi range may force nonce reuse in WPA unicast/PTK clients or in WPA multicast/GTK clients, Apple explains in an advisory.

The software update, the company explains, is available for a broad range of machines running Boot Camp, including MacBook (Late 2009 and later), MacBook Pro (Mid 2010 and later), MacBook Air (Late 2010 and later), Mac mini (Mid 2010 and later), iMac (Late 2009 and later), and Mac Pro (Mid 2010 and later).

“A logic issue existed in the handling of state transitions. This was addressed with improved state management,” Apple noted.

Related: Apple Patches KRACK Flaws in AirPort Base Station

Related: Apple Patches Dangerous KRACK Wi-Fi Vulnerabilities

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

Tracey Mustacchio has joined Everfox as Chief Marketing Officer.

Mark Carter has been appointed Chief Information Security Officer at Socure.

Spektrum Labs has named Mark Cravotta Chief Operating Officer.

More People On The Move

Expert Insights

Four decades of incident response experience suggest that exploits are often the symptom, not the root cause, of today’s cybersecurity failures.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.