There is a new vulnerability in WPA2 called KRACK (short for Key Reinstallation Attack), as described in The Guardian article:
'All WiFi networks' are vulnerable to hacking, security expert discovers'
According to the article:
The vulnerability affects a number of operating systems and devices,
the report said, including Android, Linux, Apple, Windows, OpenBSD,
MediaTek, Linksys and others.
Have there been any security releases for iOS fixing this?
Best Answer
Updates released 31 October 2017
Apple has released updates that include a fix for the KRACK vulnerability for macOS, iOS, tvOS and watchOS. To get the updates:
Launch the App Store and select the Updates tab.
Go to Settings > General > Software Update
Launch the Watch app on your iPhone, then go to General > Software Update
For Apple TV 4 (and 4K) go to Settings > System > Software Updates and Select Update Software.
For Apple TV (2nd/3rd generation) go to Settings > General > Update Software
It's Apple's policy to not comment on security vulnerabilities until they are patched, and even when they do, they are often quite vague about it.
However, with a little detective work, we can gain some insight. Looking at the CVEs assigned to this particular vulnerability,* we can get listing of the issues that should be addressed by Apple when they decide to issue a security patch:
Also, this ZDNet Article - Here's every patch for KRACK Wi-Fi vulnerability available right now (Oct. 16, 2017) indicates that vendors are responding quickly and Apple has confirmed that patches are in beta.
*Common Vulnerabilities and Exposures (CVE®) is a list of common identifiers for publicly known cyber security vulnerabilities. Use of "CVE Identifiers (CVE IDs)," which are assigned by CVE Numbering Authorities (CNAs) from around the world, ensures confidence among parties when used to discuss or share information about a unique software vulnerability, provides a baseline for tool evaluation, and enables data exchange for cyber security automation.