How Apple, Google and Microsoft are addressing the KRACK Wi-Fi vulnerability

Ah, WPA2 (Wi-Fi Protected Access): you've protected our Wi-Fi so well for so many years now.

Unfortunately, that illusion of safety was shattered earlier today when security researcher Mathy Vanhoef reported a vulnerability in the WPA2 handshake protocol that he's calling KRACK (for "Key Reinstallation Attack). Since almost every modern Wi-Fi device uses it, that effectively means every modern Wi-Fi compatible device is vulnerable. You'll find more information about it in our earlier coverage.

Fortunately, Apple, Google and Microsoft have all already issued statements saying they've addressed the issue in some form or another. 

Microsoft, in fact, has already addressed the vulnerability, along with an exhaustively detailed list of the changes it made. You should be able to protect your PC or any other Windows-powered device with a simple update.

"Microsoft released security updates on October 10th and customers who have Windows Update enabled and applied the security updates, are protected automatically," the company said in a statement. "We updated to protect customers as soon as possible, but as a responsible industry partner, we withheld disclosure until other vendors could develop and release updates."

  • Check out our best VPN guide; any of the top-rated VPN services is likely to be good enough to protect you, even with KRACK around.

Apple informed Rene Ritchie of iMore that it had already patched the vulnerability in the betas for iOS, tvOS, watchOS and macOS. However, these betas are still largely only available to developers, but they should, hopefully, go out to consumers relatively soon.

Google, meanwhile, said that it is working on resolving it.

"We're aware of the issue, and we will be patching any affected devices in the coming weeks," the Mountain View, California company said in a statement to CNET.

The Wi-Fi Alliance, a nonprofit agency that certifies products for Wi-Fi security, announced that it would start testing for the vulnerability as part of its standard program.

"Wi-Fi Alliance now requires testing for this vulnerability within our global certification lab network and has provided a vulnerability detection tool for use by any Wi-Fi Alliance member," the organization said in its statement. "Wi-Fi Alliance is also broadly communicating details on this vulnerability and remedies to device vendors and encouraging them to work with their solution providers to rapidly integrate any necessary patches."  

The agency also said in the same statement that a "straightforward software update" should fix the issue, and the actions being taken by Microsoft, Apple and Google seem to confirm that.

So, if you're using an iOS or Android device, try to stay off of public Wi-Fi networks for now. If you absolutely must use public Wi-Fi, make sure you stick to secured sites that have HTTPS in their web address. And, of course, hope that Google and Apple roll out their patches soon.

  • Need a new Wi-Fi router? Black Friday could be the best time to buy one
Latest in Wi-Fi & Broadband
Eero 7 on a nightstand
Amazon's new Eero 7 and Pro 7 complete a 'comprehensive lineup' for its customers – here's everything you need to know
A hacker wearing a hoodie sitting at a computer, his face hidden.
I just learned something awful about my home Wi-Fi setup thanks to iFixit’s ‘worst of CES 2025’ awards
Extendable WiFi 7 KV
Don't buy a router, buy a fast and secure ASUS WiFi 7 extendable router
Netgear Nighthawk router next to its box on a table
Netgear Nighthawk RS200 review: Netgear’s latest Wi-Fi 7 router is competitively priced – but makes compromises to get there
Netgear Orbi 770 router system resting on a table
Netgear Orbi 770 review: fast speeds, low Wi-Fi 7 prices
TP-Link Deco X55 3 pack
Don’t wait until Black Friday to fix your Wi-Fi – this awesome Labor Day deal could solve your problems
Latest in News
Jason Sudeikis' Ted Lasso pointing at someone in Ted Lasso season 2
Believe it, baby: Ted Lasso season 4 is officially in development for Apple TV+ and Jason Sudeikis will reprise his role as the titular soccer coach
Quordle on a smartphone held in a hand
Quordle hints and answers for Saturday, March 15 (game #1146)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Saturday, March 15 (game #377)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Saturday, March 15 (game #643)
Rainbow Six Siege X promotional art.
The Tom Clancy's Rainbow Six Siege X 6v6 mode might finally pull me away from Black Ops 6
A close up of the new web version of Apple Music Classical
Apple Music Classical is now available on the web, but its Mac app is still nowhere in sight