Apple released a pair of AirPort firmware updates to patch the KRACK vulnerability on Tuesday. AirPort Base Station Firmware Update 7.6.9 was released for AirPort base stations with 802.11n, while AirPort Base Station Firmware Update 7.7.9 was released for older AirPort base stations that support 802.11ac.
KRACK is a vicious vulnerability that affected WiFi devices far and wide. It allowed attackers to potentially get even encrypted data going over a network.
Patch Notes for AirPort Base Station Firmware Update 7.7.9
AirPort Base Station Firmware
Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac
Impact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-9417: Nitay Artenstein of Exodus IntelligenceAirPort Base Station Firmware
Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac
Impact: An attacker in Wi-Fi range may force nonce reuse in WPA unicast/PTK clients (Key Reinstallation Attacks – KRACK)
Description: A logic issue existed in the handling of state transitions. This was addressed with improved state management.
CVE-2017-13077: Mathy Vanhoef of the imec-DistriNet group at KU Leuven
CVE-2017-13078: Mathy Vanhoef of the imec-DistriNet group at KU LeuvenAirPort Base Station Firmware
Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac
Impact: An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks – KRACK)
Description: A logic issue existed in the handling of state transitions. This was addressed with improved state management.
CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven
Patch notes for AirPort Base Station Firmware Update 7.6.9
AirPort Base Station Firmware
Available for: AirPort Express, AirPort Extreme, and AirPort Time Capsule base stations with 802.11n
Impact: An attacker in Wi-Fi range may force nonce reuse in WPA unicast/PTK clients (Key Reinstallation Attacks – KRACK)
Description: A logic issue existed in the handling of state transitions. This was addressed with improved state management.
CVE-2017-13077: Mathy Vanhoef of the imec-DistriNet group at KU Leuven
CVE-2017-13078: Mathy Vanhoef of the imec-DistriNet group at KU LeuvenAirPort Base Station Firmware
Available for: AirPort Express, AirPort Extreme, and AirPort Time Capsule base stations with 802.11n
Impact: An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks – KRACK)
Description: A logic issue existed in the handling of state transitions. This was addressed with improved state management.
CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven
You can download the updates through AirPort Utility on either iOS or macOS.
Apple patched Macs running High Sierra, Sierra, and El Capitan with a security update on the 1st of November to protect against this hack. This latest firmware update protects one if you’re using an Airport Extreme or express with some other brand of computer, I think. Were older Apple routers susceptible to this vulnerability?
I’m with Mr Kheit here. Didn’t Apple assert that they/we were safe from the KRACK ? Liar, liar, pants on fire !
I see that my older AirPort units (the ones that look like laptop chargers) didn’t get an update, and I still use them for connecting non WiFi enabled printers to my home network. Is Apple forgetting that there’s still a lot of them out here in the wild ?
Thanks, I updated both of my Airports.
ARE YOU F’N SERIOUS!!! YOU CANNOT BE SERIOUS!!!
So first Dave Hamilton was right https://www.macobserver.com/news/list-of-krack-patches-routers/, Apple was susceptible to KRACK even though they outright LIED to the press saying it didn’t affect their routers. Then they take 2 MONTHS to fix the biggest vulnerability in the history of WiFi.
The wheels have totally fallen off man…. Un’F’n’believable….