WiFi fragattacks. Mainly a concern for Apple computer users

**Dave2002** · 13-05-21, 20:30

Why should it be more of a concern for Apple users? That doesn't come from the article, I think.

**Bryn** · 13-05-21, 20:47

Originally posted by Dave2002 View Post

Why should it be more of a concern for Apple users? That doesn't come from the article, I think.

Because, as made clear in the article, Microsoft has already issued a fix in a Windows 10 update. Hence the suggestion to make sure Windows machines have their O/S brought up to date.

The good news is, Vanhoef disclosed the vulnerabilities responsibly and gave a nine-month lead time. Microsoft already released patches for Windows 10 that should mitigate the problem, and a fix for Linux is coming. But that still leaves plenty of IOT devices, routers, and macOS vulnerable. Vanhoef even managed to trick a macOS device to switch to a malicious DNS server, redirecting unsuspecting users to sites owned by a hacker. And with a malicious DNS server in place, the hacker could exfiltrate private data, like usernames, passwords, and possibly more.

**Anastasius** · 13-05-21, 20:50

Originally posted by Dave2002 View Post

Why should it be more of a concern for Apple users? That doesn't come from the article, I think.

It does. The article says that there is a patch for Windows but not MacOS.

What the article doesn't say is how the malicious stuff is injected...presumably by wi-fi ....I skim read the article ...need to read it in more depth.

**Anastasius** · 13-05-21, 20:54

Quick Google...

To conduct an attack based on these flaws, the adversary has to be within range of the victim and the applicable Wi-Fi access point. The adversary would then have to dupe the victim into some network interaction, like downloading an image from an adversary-controlled server.

I won't be losing any sleep.

**Bryn** · 13-05-21, 21:00

Originally posted by Anastasius View Post

Quick Google...

To conduct an attack based on these flaws, the adversary has to be within range of the victim and the applicable Wi-Fi access point. The adversary would then have to dupe the victim into some network interaction, like downloading an image from an adversary-controlled server.

I won't be losing any sleep.

It's as well to be aware of what dangers there are, however, and many Mac users tend to think themselves and their computer's operating system to be immune from malware attacks.

**Dave2002** · 14-05-21, 08:08

Originally posted by Anastasius View Post

It does. The article says that there is a patch for Windows but not MacOS.

What the article doesn't say is how the malicious stuff is injected...presumably by wi-fi ....I skim read the article ...need to read it in more depth.

I agree about the Windows patch, but unless I missed something it didn’t mention MacOS.

Absence of evidence ...

**Bryn** · 14-05-21, 09:21

Originally posted by Dave2002 View Post

I agree about the Windows patch, but unless I missed something it didn’t mention MacOS.

Absence of evidence ...

Ahem. As quoted in #3, "Vanhoef even managed to trick a macOS device to switch to a malicious DNS server, redirecting unsuspecting users to sites owned by a hacker. And with a malicious DNS server in place, the hacker could exfiltrate private data, like usernames, passwords, and possibly more".

**Bryn** · 14-05-21, 10:18

Further Windows 10 update(s) available today.

WiFi fragattacks. Mainly a concern for Apple computer users

WiFi fragattacks. Mainly a concern for Apple computer users

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment