CVE-2017-13082 WPA2 Vulnerability and Airports
Regarding the WIFI vulnerability outlined in CVE-2017-13082 Does anyone know if Apple will be providing a patch to the Airport firmware?
Mac Pro, macOS Sierra (10.12.4)
We have. Please don't post FUD.
Question marked as
Apple is now being quoted by several tech websites saying they have a patch in beta that will be released in the next few weeks for Apple Watch, iOS, OS X and Apple TV. The AirPort and Time Capsules are not affected by this potential flaw.
Source:
KRACK attack: How Apple, Google, others are responding - CNET
Source
35 replies
We are all users here.....just like you....so there would be no way for anyone here to know what Apple might be planning, or when they might be planning to do it.
If Apple releases an update, we will all know.
I provided them feedback, with our business contact information (thank you). Hopefully they will respond directly; I work in a large *.edu environment, where we use a lot of Apple products.
Apple will acknowledge that they have received your feedback, but otherwise they will not respond to you directly any further.
I'm wondering the same thing.
I run an Airport because Apple actually takes security seriously, which is still almost unheard of among consumer routers...but of course doesn't apply if they're not actually still supporting their routers, and I'm unclear on that.
Last update was December 2016, and it seems like there should have been updates by now...
If Apple isn't supporting the Airports anymore, I'm thinking of getting either a Google Onhub/wifi, or a Symantic/Norton router, as the normal routers are just jokes, and I don't really want to spend the money or effort to build/manage my own router. (If anyone has thoughts, feel free to share 'em!)
Of course I'm really happy with my Apple routers, but if they're not being supported...
Wolfpup, I hear you on the Apple routers. I recall reading in one of the Mac news web sites, a while ago (probably 12+ months) that Apple had reduced the size of its wifi router team. While that may signal Apple's lack of interest in releasing new models, it might mean they would still be releasing security fixes.
When I think about Google Onhub, I think about Android devices that are particularly hard hit with this specific issue and wonder if Onhub is affected. It seems like most consumer devices would be impacted... the question being, will the patches come, and if so, how quickly? Unfortunately, I have no answers. Just wondering aloud.
sparks212 wrote:
Submit a question to Apple via their feedback channel: Feedback - AirPort Extreme - Apple
It takes just a minute of your time to ask Apple directly.
The Feedback page is NOT the place to ask Apple questions. They do not respond to those posts.
Wolfpup wrote:
... I'd want a security researcher to verify that before I believe it, as this is a fundamental issue with WPA2.
😠
Apple has worked with Securities Labs in the past, notably Palo Alto ICSA who have identified a number of securities issues Mac and more often some other platform or generalized service. In recent months Palo Alto was the first or one of the first credible labs that detected Transmission; a torrent application had their distribution servers hacked and the application payload was replaced with malware.
Dude, what the heck are you talking about? No one is bashing Apple and there's no point in these forums at all if not to talk about issues like this.
If you don't like it, you don't have to post here.
So far your posts are just cluttering up a thread where there's been some good info posted.
Forrest wrote:
The reality is that Apple does in fact monitor these forums. I've been contacted directly by Apple in response to another issue that originated here in discussions.
If a specific engineer is tasked with a project that may involve issues people have posted on the forums, they will look for such posts. That is most likely what happened in your case. They do not, however, have people who's job it is to read the forums looking for new issues. That's what the feedback link is for.
Well it's not really "rumor or speculation" that Apple's supported devices are getting patched quickly
When you see an official statement from Apple that this is in fact the case, please post the link.
I have several Airport Extreme and Airport Express at home. I was trusting that Apple will follow up with support on these, since these devices are still available to purchase. I hope Apple won't fail on me.
Greg
Yeah, the fact that they're still selling them means surely they'll update them... I wish they'd given an official statement when they talked about their other devices. Hopefully just an oversight (I hope...)
You're right, the best I can find is "sources inside of Apple not authorized to speak on behalf...", but I had not intended to offer this as conclusive. Despite this; after re-reading it does not appear to make that very clear so my apologies.
You may be correct my post is "speculative" and I may have discussed a potential beta feature which is also not something permitted here. Either way have reported it to the mods to do what is required for keeping within the guidelines.
Submit a question to Apple via their feedback channel: Feedback - AirPort Extreme - Apple
It takes just a minute of your time to ask Apple directly.
I provided them feedback, with our business contact information (thank you). Hopefully they will respond directly; I work in a large *.edu environment, where we use a lot of Apple products.
CVE-2017-13082 WPA2 Vulnerability and Airports