Google has published this month's Android security bulletin, and the company provided a fix for the KRACK vulnerability that came to light last month.
The Android Security Bulletin for November 2017 is split into three separate packages — 2017-11-01, 2017-11-05, and 2017-11-06. The KRACK fixes are included in the last of these, 2017-11-06.
If your phone receives the update and the security patch level is 2017-11-06, the KRACK fixes are also included.
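One way to run that check across several devices, as an added example that is not part of the bulletin or of Google's tooling. It assumes patch levels are cumulative (a level later than 2017-11-06 also carries the fixes) and that the level is read from the `ro.build.version.security_patch` property; the device names and the inventory are constructed sample data.

```shell
#!/bin/sh
# Added example: classify Android security patch levels against 2017-11-06,
# the level this bulletin ties to the KRACK fixes.
# Assumption: patch levels are cumulative, so any later level also counts.
KRACK_FIXED_LEVEL="2017-11-06"

# Print "patched", "unpatched" or "unknown" for one patch-level string.
krack_patch_status() {
    # adb output often ends in CR/LF; strip all whitespace first.
    kps_level=$(printf '%s' "$1" | tr -d '[:space:]')
    # A patch level is YYYY-MM-DD; anything else cannot be compared.
    if ! printf '%s' "$kps_level" |
        grep -Eq '^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[12][0-9]|3[01])$'; then
        echo "unknown"
        return
    fi
    # Fixed-width dates compare correctly as integers once dashes are removed.
    if [ "$(printf '%s' "$kps_level" | tr -d '-')" -ge \
         "$(printf '%s' "$KRACK_FIXED_LEVEL" | tr -d '-')" ]; then
        echo "patched"
    else
        echo "unpatched"
    fi
}

# Read the patch level of one attached device (needs adb and USB debugging).
adb_patch_level() {
    adb -s "$1" shell getprop ro.build.version.security_patch
}

# Read "device-name patch-level" lines on stdin, print one verdict per device,
# and return 1 if any device is not confirmed patched.
audit_inventory() {
    ai_rc=0
    while read -r ai_name ai_level; do
        [ -z "$ai_name" ] && continue
        ai_verdict=$(krack_patch_status "$ai_level")
        printf '%s\t%s\n' "$ai_name" "$ai_verdict"
        [ "$ai_verdict" = "patched" ] || ai_rc=1
    done
    return "$ai_rc"
}

# Constructed sample inventory: one device per bulletin case, one with no level.
sample_inventory() {
    printf '%s\n' 'lab-phone-01 2017-11-06' 'kiosk-tablet 2017-11-05' 'old-handset'
}

sample_inventory | audit_inventory || true
```

A device that reports no patch level at all is listed as unknown rather than patched, so it still fails the audit.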
Google last major vendor to patch KRACK bugs
Discovered by Mathy Vanhoef, a researcher from the University of Leuven (KU Leuven), the KRACK vulnerability affects the WPA2 WiFi protocol. It allows attackers to forcibly reinstall connection keys and intercept a user's WPA2-protected WiFi traffic.
Many vendors were notified of the vulnerability in advance, including Google, and most provided fixes and workarounds when Vanhoef went public with his research.
Google is among the last major vendors to deliver KRACK fixes. This is in contrast with Microsoft, which silently deployed KRACK fixes to Windows users without telling anyone, a month before the vulnerability became public.
Apple released KRACK patches at the end of October, as part of iOS 11.1 & macOS High Sierra 10.13.1.
Users can detect devices vulnerable to KRACK attacks with tools and proof-of-concept code Vanhoef released via his GitHub account, or via this third-party-developed toolkit named KRACK Detector.