Security Alert

Apple iOS & Mac OS Security Vulnerabilities

Nov 2, 2017:  Several vulnerabilities have been identified on iOS and Mac OS in the past week.

Update your computers & devices ASAP

Security updates have been released.  Please update your computers and devices as soon as possible.  To do so, open the App Store app and click Updates.  The security updates for Mac OS takes about 6 minutes to download and install, including restarting your computer (give or take a few minutes depending on your connection).

It is very important that these updates be installed ASAP.  Delaying will put your computer and devices at risk.

Wi-Fi Standard Vulnerability

Oct 16, 2017:  A vulnerability has been identified in all modern implementations of current wireless encryption standards (WPA 1/2). An attacker within range of a victim can exploit these weaknesses using key re-installation attacks (KRACKs). Specifically, attackers can use this technique to read information that was previously assumed to be safely encrypted. This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on.

The attack works against all modern protected Wi-Fi networks.  The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is affected.

To prevent an attack

Users must update affected products as soon as security updates become available to prevent an attack. Note that if a device supports Wi-Fi, it is affected. Researchers discovered that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by some variant of the attacks.

MSU is taking steps to protect the Wi-Fi environment on the MSU campus but stresses that it is critical for users to update all devices' operating systems as soon as patches are available. As noted above, this includes Windows, Mac, Apple iOS, Android and Linux.