
Update Apple #203

Open
2 of 4 tasks
zeadope-zz opened this issue Oct 31, 2017 · 9 comments

Comments

@zeadope-zz
Contributor

zeadope-zz commented Oct 31, 2017

  • iOS: 11.1 released: LINK
  • MacOS: 10.13.1 released: LINK
  • tvOS: 4.1 released?
  • watchOS: 11.1 released?
@eaglerainbow
Contributor

eaglerainbow commented Oct 31, 2017

I do agree that iOS 11.1 apparently addresses the KRACK, but I currently can't find any evidence/hint that macOS High Sierra 10.13.1 would do the same. Am I overlooking something?

Disclaimer: I am by far not an Apple-guru... 😶

@zeadope-zz
Contributor Author

It’s fixed since 10.13.1 Beta 3 I believe.

@acohn

acohn commented Nov 1, 2017

HT208221 says KRACK is fixed in 10.13.1.

Also, @maljb has already opened pull request #204 to fix this.

@eaglerainbow
Contributor

@acohn Thanks for bringing this up! HT208221 is already convincing me more 😄
However, as far as I can read there, they claim to only have fixed three out of ten of the well-known CVEs. There is no statement about the state of the others (could be that they are a) not affected or b) affected, but still not fixed or c) they have yet to check them).

Also great that we now have #204, but the current statement is a little too generic to my mind (I will comment also in the review of the PR on this).

In general: Having some (but not all) CVEs fixed is better than having none of them fixed. ==> Still you should apply the patch (if there is nothing else around, which makes that impossible)!

At all: Please feel free to convince me with further links to official statements that all issues are fixed already with MacOS 10.13.1!

@zeadope Having something in for a beta does not mean that it is also part of the shipment in the release version (though being likely). For instance, during beta testing they detected that the change had an undesirable side-effect, which was more severe than the original issue. So, it could be that they removed the fixes again. (NB: I am not claiming that this is the case here in particular). Though, that is why I trust a correction from beta only if I have an official statement somewhere saying that the correction is also included in the final version.

@eaglerainbow eaglerainbow mentioned this issue Nov 1, 2017
@eaglerainbow
Contributor

Update:

No statement though about all the other CVEs.

https://support.apple.com/en-us/HT201222 states that the two versions would be released in the meantime.

@eaglerainbow
Contributor

Also noteworthy (to my mind): https://support.apple.com/en-us/HT208221 states that the "three CVEs" discussed above are also fixed/will be fixed with

  • macOS Sierra 10.12.6
  • OS X El Capitan 10.11.6

as well.
Given the widespread usage of components, I think this justifies its own markdown page documenting the details of what was fixed exactly when...

@eaglerainbow
Contributor

Please find at #205 a suggestion for how I think this could look.

Suggestions / discussion / objections / ideas are welcome!

@kristate
Owner

kristate commented Nov 2, 2017

Merged #205

@InternalLoss

InternalLoss commented Dec 23, 2017

https://support.apple.com/en-gb/HT208258 (for 802.11n) addresses CVE-2017-13077, CVE-2017-13078, and CVE-2017-13080 for the AirPort Base Station (and Time Capsule) models; perhaps they should also be included in the apple list?

(Apple AirPort Stations can be a client and AP; sometimes TCs connect over WiFi just to be used as a Time Capsule backup)
