
liteshow

Taken from https://support.apple.com/en-gb/HT208222

Wi-Fi

Available for: iPhone 7 and later, and iPad Pro 9.7-inch (early 2016) and later

Impact: An attacker in Wi-Fi range may force nonce reuse in WPA clients (Key Reinstallation Attacks - KRACK)

Description: A logic issue existed in the handling of state transitions. This was addressed with improved state management.

CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven


Does that mean older iPhones and iPads do not get the patch?
 
It's regarding the security aspects only ... there is more to this update.
 
I was referring specifically to the Wi-Fi patch - hoping that it applied to all devices and not just newer ones. I have an iPhone 6s and iPad Air 1. From the Apple support page, this means that my older devices are still vulnerable to the KRACK attack.

 

If it can't be patched, they should warn those buying 6s iPhones and mini 4 iPads.
 
I just talked to Apple's Support. All they said is "please file a feedback on our website". I mean WTF? I have the previous generation 12.9" iPad Pro that isn't receiving the fix. I have to purchase an entirely new model to receive a security fix, or continue using a vulnerable product and risk getting hacked?
 
Something that was mentioned in another iOS 11.1 release thread:
Yep apparently in the older devices iOS WPA2 implementation was not correctly done and as a side benefit are not vulnerable to KRACK. According to Steve Gibson of Security Now, iOS was not vulnerable to KRACK because they misimplemented the WPA2 specification. My guess is iP7 and up is when WPA2 was fixed and therefore now those devices need the patch! Perhaps Apple will relay this information soon to clear it up for all. That could mean the non iOS11 compatible devices are all fine as well.
 
If it can't be patched, they should warn those buying 6s iPhones and mini 4 iPads.
Yeah, and iPhone SE.

Something that was mentioned in another iOS 11.1 release thread:
Hopefully this is the case. Otherwise it's quite inexplicable that they left not only recent products but currently shipping products unpatched.

Some clarification from Apple would be much appreciated by this iPad Air 2 owner.
 
This is bad, very bad and disappointing. And I don't care about what just one person in a random podcast says; if Apple releases a fix, it means there was a vulnerability, and it should be fixed on devices they are actually still selling, like the 6s and SE, as well.
 
Well, who the person is and what they do can certainly make a difference.
 
I just wrote the following in this thread, but the bottom line is, Apple needs to make a definitive statement as to which devices may be vulnerable, and to what. I have an iPod Touch 5th gen, for example, and I remain afraid to enable Wi-Fi. At least my iPhone 7 is now patched, and I can turn off the VPN at home.

Apple Releases iOS 11.1 With New Emoji, 3D Touch App Switcher, and More

Yeah, thanks for posting this. In Section 3.2 of the Vanhoef/Piessens paper, they have a table for a variety of OSes, iOS represented by v. 10.3.1. That version is only susceptible to the Group Key attack, which per sections 4 and 6.1, allows an attacker to replay broadcast and multicast frames sent from AP to client, and that's all it can do.

You could well be right that iPhone 7 is the first one susceptible to the more dangerous attacks that allow decryption and forging. Would love to get a statement from Apple to that effect.
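
Added example (not part of the post above, and not Apple's code): a simplified Python model of the group-key replay issue described there. It shows how reinstalling a group key that is already in use resets the client's replay counter so that an already-seen broadcast frame is accepted again, and how skipping the reinstall prevents that. The class and function names and the sample keys are hypothetical, and the mitigation shown is an assumed approach, not Apple's actual change.

```python
# Simplified model, constructed for illustration: a Wi-Fi client's receive
# state for the group key (GTK). All names here are hypothetical.

class GroupKeyReceiver:
    def __init__(self, skip_reinstall):
        self.skip_reinstall = skip_reinstall  # True = hardened behaviour
        self.gtk = None
        self.last_pn = -1  # highest packet number accepted so far

    def install_gtk(self, gtk, rsc):
        """Process a handshake message carrying a group key and its counter."""
        if self.skip_reinstall and gtk == self.gtk:
            return False  # key already in use: leave the replay counter alone
        self.gtk = gtk
        self.last_pn = rsc  # replay counter is (re)set from the message
        return True

    def receive_broadcast(self, pn):
        """Accept a broadcast frame only if its packet number is fresh."""
        if pn <= self.last_pn:
            return False
        self.last_pn = pn
        return True


def run_scenario(skip_reinstall):
    rx = GroupKeyReceiver(skip_reinstall)
    gtk = bytes(16)  # constructed sample key
    rx.install_gtk(gtk, rsc=0)
    for pn in (1, 2, 3):  # normal broadcast traffic from the AP
        rx.receive_broadcast(pn)
    result = {
        # The same handshake message arrives a second time.
        "reinstalled": rx.install_gtk(gtk, rsc=0),
        # A broadcast frame the client has already processed shows up again.
        "replay_accepted": rx.receive_broadcast(2),
        "fresh_accepted": rx.receive_broadcast(4),
        # A genuine rekey with a different key must still be installed.
        "rekey_installed": rx.install_gtk(bytes([1]) * 16, rsc=0),
    }
    return result


if __name__ == "__main__":
    print("vulnerable:", run_scenario(skip_reinstall=False))
    print("hardened:  ", run_scenario(skip_reinstall=True))
```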
 
Re: only certain iOS devices being susceptible: I can believe it, and why there are no KRACK updates for some of the older devices. Case in point: Apple did roll a security update for El Capitan today for KRACK (support dropped for that one year ago), so, they have not abandoned all old platforms for this issue.
 
Well, they certainly are treating the macOS side differently from the iOS side; that much is clear. On macOS, they are not only patching all Macs, they are offering a fix for older versions of the OS (back two generations). On iOS, they're not only not going back to iOS 9 or 10 (which I wish they would), they are also not even patching older devices running iOS 11.

The more I think and read about it, the more I am persuaded that it must have to do with the older devices not being vulnerable in the first place. I just can't fathom they'd patch it on some but not all devices running the current iOS.
 
They made an update to the security page for iOS 11.1 adding the iPhone 8 and X and also stating older devices are not impacted
 
Seems like they added another related but separate entry for something additional that was addressed related to KRACK for iPhone 8 and X line of phones, which doesn't impact older devices. The original KRACK entry is still there too without specifically calling out earlier devices.
 
Something that was mentioned in another iOS 11.1 release thread:

That made no sense. It implies that the WPA2 code is not part of the OS. So then, how can an OS update fix it on certain devices?

Apple needs to clarify this.
 
Well, there's likely more to it all, but it doesn't seem like there's much information out about that.
 