Impacted Vendors Release Advisories for FragAttacks Vulnerabilities
Vendors impacted in the FragAttacks, a series of recently disclosed Wi-Fi vulnerabilities, have released security advisories in response. A dozen CVE identifiers have been assigned to the set of vulnerabilities after they were discovered last year by security researcher Mathy Vanhoef. The vulnerabilities consist of three design flaws and nine implementation bugs. As part of his investigation into the security risks, Vanhoef tested 75 separate Wi-Fi devices, finding that they were all affected by at least one of the previously uncovered vulnerabilities.
However, most of the tested devices were impacted by several different issues, implying that the vast majority of devices with Wi-Fi capabilities are exposed to attacks. Vendors affected by the vulnerabilities were given 9 months to release patches. However, shortly after Vanhoef released his research, more than a dozen of the vendors impacted by the flaws released advisories and pledged to create patches as soon as possible. Impacted organizations include Netgear, Microsoft, Aruba Networks, Intel, Dell, Juniper Networks, and more.