Apple Releases iOS 11.1 and Other Important Security Updates
The latest round of Apple security updates arrived on Halloween, delivering everything from iOS 11.1 to updates that affect macOS, watchOS, and more. As is often the case with large patch days, these updates address a wide variety of security flaws affecting different parts of the systems in question. From WebKit vulnerabilities to memory handling issues on the Apple Watch and in macOS, Apple squashed plenty of bugs with this batch of updates. Perhaps one of the most important issues addressed in this round of updates, however, is Apple’s response to the recent development of a severe vulnerability in the most commonly used Wi-Fi security protocol, WPA2.
The attack, officially dubbed KRACK, but also commonly called a “key reinstallation attack,” leverages up to 10 individual exploits to offer an avenue for a hacker to intercept data on a protected network. WPA2 uses a complex system of encrypted handshakes between routers and devices on the network. At each step, different encryption keys keep the process obscured from prying eyes. In the KRACK attack, a hacker can compromise the integrity of this process. The result: a re-used encryption key, or one set to a null value, which allows the attacker to begin accessing network traffic as if they had authenticated as a user.
A very recent development, the KRACK vulnerability is a serious issue affecting a considerable number of systems, and many companies are still working to correct the problem. However, the attack must exploit both the device in question and the network router together — patching either one resolves the issue. Fixing the key reinstallation vulnerability is a major component of Apple’s new round of security patches. macOS High Sierra received the patch, as well as Sierra and El Capitan. Mac users should apply this update immediately to take advantage of the restored protections.
Although the risk is less severe on iOS, it still exists, and iOS 11.1 corrects the issue for the iPhone 7 and later. Notably, the iPhone 6 and other models are absent from Apple’s security notes. Whether an additional update for these platforms is forthcoming or not is not yet known. However, the overall security content of iOS 11.1 is still essential, and 6, 6s, and other iPhone users should apply the update ASAP as well.
