The new “KRACK Attack” hack that completely opens up some routers and all Android 6.0 and later devices while impacting iOS and macOS has been patched in the developer and public betas for iOS, watch OS, macOS and tvOS, Apple has confirmed to iMore’s Rene Ritchie.
As soon as Apple’s updates leave beta, the security fixes will be pushed out to everyone. The KRACK Q&A states that the flaws can be patched in a backwards-compatible manner so that a patched client can still communicate with an unpatched access point and vice versa.
The hack doesn’t seem to exploit access points such as Apple’s AirPort wireless appliances. Both a router and a client device must be prone to the KRACK hack for the attack to succeed.
Rene says that AirPort Express, Extreme and Time Capsule models “don’t seem be vulnerable” to one or more of the ten discovered Wi-Fi WPA2 exploits, even if using one as a bridge. Additionally, a source told AppleInsider that AirPort devices don’t have a patch available and was not certain if one was in progress.
The last AirPort firmware update was in December 2016. Apple in the past did update AirPort devices with major security fixes so the fact that there’s no AirPort update for “KRACK Attack” indicates that AirPorts most likely don’t require this particular security update.
Other routers may or may not require a firmware update. iMore has put together a regularly updated list of vendors that have issued relevant KRACK patches for their routers so do check it out to see if there’s a fix available for your router model.
If in doubt, contact your router vendor directly.