Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Has Already Fixed the Wi-Fi Attack Vulnerability; Android Will Be Patched Within Weeks (theverge.com)

Posted by msmash on from the quick-dispatch dept.

Microsoft says it has already fixed the problem for customers running supported versions of Windows. From a report: "We have released a security update to address this issue," says a Microsoft spokesperson in a statement to The Verge. "Customers who apply the update, or have automatic updates enabled, will be protected. We continue to encourage customers to turn on automatic updates to help ensure they are protected." Microsoft is planning to publish details of the update later today. While it looks like Android and Linux devices are affected by the worst part of the vulnerabilities, allowing attackers to manipulate websites, Google has promised a fix for affected devices "in the coming weeks." Google's own Pixel devices will be the first to receive fixes with security patch level of November 6, 2017, but most other handsets are still well behind even the latest updates. Security researchers claim 41 percent of Android devices are vulnerable to an "exceptionally devastating" variant of the Wi-Fi attack that involves manipulating traffic, and it will take time to patch older devices.

10 of 136 comments (clear)

  1. Gee, thanks Mr. Google by Anonymous Coward · · Score: 0, Insightful

    That patch is gonna do so much good laying around at your release server.

  2. Re: Um, fuck off by Anonymous Coward · · Score: 3, Insightful

    Grow up. The article links to the previous Slashdot story from earlier today and is still on the front page. The previous article links to a research paper explaining the vulnerability. For anyone who has looked at the front page this morning or even bothered to examine the links in the summary, it's blatantly obvious which vulnerability is being discussed here. Here's hoping you're modded -1 flamebait. You deserve it.

  3. Re: Um, fuck off by Anonymous Coward · · Score: 0, Insightful

    Stop being an apologist for msmash's atrocious editing. It's extremely important to know exactly which security problems are being discussed here. That's where CVE numbers come in. They take away the ambiguity.

    And don't forget that the front page shows the most recent submissions first. Somebody looking at the front page will see this atrocious and confusing submission before they see the other one.

    There's no excuse for a summary as bad as this one. No excuse at all!

  4. Re:Access Points by dc29A · · Score: 5, Insightful

    Worse, how many millions of Android handsets will never see this patch?

  5. Android updates suck by DigitAl56K · · Score: 5, Insightful

    So now most Android devices are, and will continue to be, vulnerable to both BlueBourne and WPA2 KRACK, meaning that essentially they are wide open to anyone pilfering whatever they want off the device itself and as they communicate over the air. With most manufacturers abandoning updates in 3 years or sooner, and for the small pool of supported devices having very infrequent updates available, many times 3-6 months behind the curve, why do we allow this kind of chronic insecurity?

    It's insane that we allow businesses to behave like this: Give everyone computing devices they use to run their lives - healthcare, credit, banking, social, BYOD work, etc. and leave them open like Swiss cheese.

    1. Re:Android updates suck by DNS-and-BIND · · Score: 3, Insightful

      So, what you're telling me is that all of the affected customers will not be receiving updates, and they'll have to buy a new device?

      What a tragedy. By which I mean, the refusal to provide updates will result in greatly increased sales.

      --
      Shutting down free speech with violence isn't fighting fascism. It IS fascism!
  6. What percentage of Android will be patched by perpenso · · Score: 4, Insightful

    Android Will Be Patched Within Weeks

    What percentage of Android will be patched?
    The 18% with 7/Nougat or better,
    the 50% with 6/Marshmallow or better,
    the 78% with 5/Lollipop or better,
    the 92% with 4.4/Kitkat or better?
    https://developer.android.com/...

    1. Re:What percentage of Android will be patched by Merk42 · · Score: 5, Insightful

      Android Will Be Patched Within Weeks

      What percentage of Android will be patched?
      The 18% with 7/Nougat or better,
      the 50% with 6/Marshmallow or better,
      the 78% with 5/Lollipop or better,
      the 92% with 4.4/Kitkat or better?
      https://developer.android.com/...

      The .02% with 8/Oreo or better

  7. Google has promised a fix for affected devices by Anonymous Coward · · Score: 2, Insightful

    Google has promised a fix for affected devices "in the coming weeks."

    As a Nexus 5 owner, I'm not holding my breath on that being a true statement.

  8. Re:Already released patch or new patch as of today by Dog-Cow · · Score: 4, Insightful

    Sounds like a good fix to me. Instead of accepting retransmits, it's safer to restart the entire handshake.