WPA2 Wi-Fi Vulnerability

This just in.

From BleepingComputer:

Mathy Vanhoef, a researcher from the University of Leuven (KU Leuven), has discovered a severe flaw in the Wi-Fi Protected Access II (WPA2) protocol that secures all modern protected Wi-Fi networks.

The flaw affects the WPA2 protocol itself and is not specific to any software or hardware product.

Vanhoef has named his attack KRACK, which stands for Key Reinstallation Attack.

Yikes!

Also from BleepingComputer:

List of Firmware & Driver Updates for KRACK WPA2 Vulnerability

Apple ID Password reset site is back online

Apple's Apple ID password reset site is back online after the company took down iforgot.apple.com following a serious vulnerability found earlier today. The vulnerability allowed an Apple ID password to be reset with only an email and birthdate. Accounts with two-step verification are not affected by this vulnerability. Apple took down its Apple ID password reset site to address the vulnerability.

Apple rolled out two-step verification for Apple ID on Thursday March 21, 2013.

iforgot.apple.com

Apple Releases SMS Fix Through iPhone Software 3.0.1.

Less than 24 hours after the demonstration of the SMS hack at the Black Hat Technical Security Conference, Apple released iPhone OS 3.0.1 with the promised fix. Apple was notified of the security flaw six weeks before the flaw was demonstrated. The Apple iPhone is not the only platform vulnerable to this exploit; the Android and Windows Mobile platforms are also vulnerable.

iPhone OS 3.0.1 carries the build number 7A400.

iPhone1,1_3.0.1_7A400_Restore.ipsw 240.4 MB
iPhone1,2_3.0.1_7A400_Restore.ipsw 241.3 MB
iPhone2,1_3.0.1_7A400_Restore.ipsw 312.3 MB