We realize the security of your customers is your highest concern and we are actively working towards a solution. A team of engineers are progressing on the security patch for this vulnerability with an estimated release of late November to early December.
"The good news is KRACK is a wide but shallow bug: nearly every device that uses Wi-Fi is vulnerable, but the attack itself is difficult to execute and not as damaging as you might expect. Taking advantage of this bug would take a lot of preparation and a very specific target, which is very good news in the short term.
KRACK is essentially a weakness in the WPA2 system, which secures the Wi-Fi connection between a router and a computer. When that system breaks down, it could let an attacker get in between you and your router. From there, they can eavesdrop on unencrypted (non-HTTPS) traffic or compromise your computer by slipping malware into legitimate websites. But an attacker would have to be within Wi-Fi range to carry out any of those exploits, which dramatically reduces the risk that an average person will be targeted. Unlike server-side bugs like Heartbleed or Shellshock, there’s no way to carry out the attack over the internet at large. Hackers need to be physically present in range of a network, and even if you’re war-driving, you can only hit one network at a time.
The upshot of all of that is you probably don’t have to worry about hackers going after your network specifically. Still, we encrypt Wi-Fi signals for a reason, so you will want to patch your software as soon as it becomes available." (
Article reference www.theverge.com
)
