Apple Finally Fixes KRACK with Today’s AirPort Firmware Updates [7.6.9 and 7.7.9 Now Available]

Author Photo
Dec 12, 2017
22Shares
Submit

Apple has released new firmware updates for its AirPort Express, AirPort Extreme, and AirPort Time Capsule. The update 7.7.9 is for 802.11ac base stations; 7.6.9 is available for 802.11n base stations. You can manually update your AirPort devices opening the AirPort Utility on macOS or iOS. Just select your AirPort device and click Update.

After over two months, today’s updates finally bring fixes to several security issues, including the devastating KRACK vulnerabilities. KRACK can allow attackers to exploit WPA2 protocol to decrypt network traffic and essentially read everything, including passwords. More details about KRACK and Broadpwn are available in our earlier posts.

airport-extreme-4Related Apple Has Officially Discontinued Its AirPort Wireless Router Family So You’d Best Hurry if You Want One

AirPort Base Station Firmware Update 7.6.9 and 7.7.9

Apple has now released the security notes for today’s releases. Here’s everything that has been addressed with today’s security updates.

AirPort Base Station Firmware

Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac

Impact: An attacker in Wi-Fi range may force nonce reuse in WPA unicast/PTK clients (Key Reinstallation Attacks – KRACK)

Description: A logic issue existed in the handling of state transitions. This was addressed with improved state management.

CVE-2017-13077: Mathy Vanhoef of the imec-DistriNet group at KU Leuven

CVE-2017-13078: Mathy Vanhoef of the imec-DistriNet group at KU Leuven

AirPort Base Station Firmware

Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac

Impact: An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks – KRACK)

Description: A logic issue existed in the handling of state transitions. This was addressed with improved state management.

CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven

AirPort Base Station Firmware Update 7.7.9 fixes one additional security bug:

AirPort Base Station Firmware

Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac

Impact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2017-9417: Nitay Artenstein of Exodus Intelligence

Submit