Serious Flaw in WPA2 Protocol

Dan Goodin, writing for Ars Technica:

Researchers have disclosed a serious weakness in the WPA2 protocol that allows attackers within range of vulnerable device or access point to intercept passwords, e-mails, and other data presumed to be encrypted, and in some cases, to inject ransomware or other malicious content into a website a client is visiting.

The proof-of-concept exploit is called KRACK, short for Key Reinstallation Attacks.

This is bad.

Rene Ritchie, writing for iMore:

Apple has confirmed to me that the KRACK exploit has already been patched in iOS, tvOS, watchOS, and macOS betas. As soon as the updates leave beta, they’ll be pushed out to everyone. We’ll have to wait and see how fast other manufacturers are to respond, and how many of our connected devices receive updates.