The massive Krack attack that exploits a weakness in WPA2 WiFi encryption from yesterday is turning out to have somewhat less of an impact then first feared. Several companies have already announced that they either have patches on the way, or have already solved the problem.
Microsoft leads the way in protecting its userbase; at least those using supported versions of Windows. A security patch released on 10 October resolves the WPA2 exploit, preventing the wireless connection from being hijacked. Of course, this relies on users keeping their Windows up-to-date.
Apple has a similar plan in place, although the security patch is currently only available in the beta versions of its operating systems. The final version of iOS, MacOS, tvOS, and WatchOS are all expected to be rolled out later this month. Which, in theory should be fast enough to protect users from any potential cybercriminals looking to deploy the exploit.
Google is currently the slowest to respond to the security threat. According to a tweet from a staff member, the patch will only be rolled out on 6 November. Three weeks is a little slow to get a patch out; but then again the Android ec-system is extremely fragmented and requires a lot more work than its competitors. It should be noted that this patch will still need to be pushed out by OEMs for their respective devices.
While it’s extremely worrying to see such a big weakness in the most widespread encryption standard in the word, there’s no need to worry too much. Most software companies are well aware of the dangers of leaving systems unpatched by now; although, the same can’t be said for the people using these devices.