Android December security bulletin finally has KRACK fix for Pixels
Google missed that window when it rolled out the November set of security
patches without a fix for the KRACK vulnerability. Fortunately, that whole
scare seems to have blown over on its own before Google could finally get
the fix out the door today.
Some have actually downplayed the full severity of the Wi-Fi WPA2 vulnerability known as KRACK. On paper, it is indeed frightening to have your entire network activity exposed so easily, especially when Android devices have been explicitly singled out as very vulnerable. In reality, however, it requires a specific set of circumstances for it to happen, and presumes that the Android device is even on an WPA2 network. Even then, the Android device itself won’t be compromised, as it uses other encryption and security systems other than WPA2.
Due to its scheduling, the KRACK fix didn’t actually make it to the set. While that may be a bit understandable on some level, you’d also presume Google would be on top of the matter and rollout a special patch. It seems Google didn’t find KRACK to be that much of a threat enough to disturb its schedule. B
