Microsoft already has a fix for that severe WiFi security exploit (updated)

Google has an Android patch coming within weeks.


The "Krack Attack" WiFi encryption security flaw is more than a little frightening, but you should already be relatively safe if you're using a recent Windows PC. Microsoft has released a patch that fixes the vulnerability on all supported versions of Windows (effectively, 8 or later). Windows isn't as susceptible to the flaw as Linux-based platforms like Android, which don't demand a unique encryption key, but this fix may have a significant impact simply through the sheer ubiquity of Windows in the computing world.

To recap: the exploit revolves around cloning a WPA2-encrypted WiFi network, impersonating its MAC address and changing the WiFi channel. Intruders can force your device to connect to this bogus network instead of the legitimate one, making it easier for them to snoop on your data traffic or perpetrate attacks that require a local network. Would-be hackers have to get within physical distance of a target network for this to succeed, but that's potentially a huge problem for public networks.

As for other platforms? Apple hasn't detailed a fix yet, but Google is promising that Android phones with a November 6th security update will be protected against Krack Attack. The Wi-Fi Alliance is also requiring that all of its partners (including Apple and others) check for the exploit and patch if necessary. The issue is already in hand, then. The main concern is whether or not updates arrive in a timely manner -- not every Android vendor delivers security updates in a timely fashion, so you may end up waiting past November 6th to lock down your device.

Update: Apple says the flaw has been fixed in the beta versions of macOS, iOS, tvOS and watchOS. Given that the finished versions of these updates are expected in October, you shouldn't have to wait too much longer if you prefer Cupertino's products.