KRACK Wi-Fi bug: What Apple, Google, more are doing to fix it

The new vulnerability found in Wi-Fi networks may sound scary, but vendors are starting to roll out patches to address the danger.

Microsoft, for instance, released a patch for Windows on Oct. 10. "Customers who have Windows Update enabled and applied the security updates are protected automatically," the company said in an email.

Apple has already issued a fix in the latest beta versions of its iOS, macOS, tvOS, and watchOS platforms. But it'll also release another security patch targeting the rest of its user base "soon," the company said, without specifiying a date.

Google also appears to be preparing a security patch for Android devices, but it won't come out until Nov. 6 when the company releases its monthly security update.

More From PCmag

 

A broad notification about the vulnerability was sent to industry vendors in late August, so major tech companies should be aware of the problem.

On Monday, Intel posted updates for the company's wireless internet adapters, which can be downloaded and installed. The chipmaker is also working with device manufacturers to roll out the patches to computers.

Others, like Ubuntu have also issued patches. Cisco and Amazon are also in the midst of preparing security fixes for their wireless products.

The vulnerability, disclosed on Monday, is particularly troublesome because it affects all modern Wi-Fi networks. It stems from the Wi-Fi Protected Access II (WPA2) protocol, which is designed to keep the network secure. Security researchers in Belgium noticed a weakness in the protocol that can be abused to spy on the data transmitted over the Wi-Fi network.

As a result, any sensitive data like user passwords, credit card numbers, and emails could be stolen if a hacker were to exploit the vulnerability. To fix the problem, vendors across the entire industry will have to issue patches.

The good news it that the flaw only works if the attacker is within physical range of the Wi-Fi network. The researchers also found that Windows 7, Windows 10, and iOS 10.3.1 used a different wireless implementation, making the operating systems less suspectible to the vulnerability.

The flaw can also be patched in a "backwards-compatible manner," according to one of the researchers, Mathy Vanhoef. That means when users patch their smartphone or PC, the device should now securely communicate over Wi-Fi, even if the internet router they're using hasn't been patched.

This article originally appeared on PCMag.com.