Cybersecurity researchers uncovered a new high-severity hardware vulnerability residing in the widely-used Wi-Fi chips manufactured by Broadcom and Cypress—apparently powering over a billion devices, including smartphones, tablets, laptops, routers, and IoT gadgets.
Dubbed ‘Kr00k‘ and tracked as CVE-2019-15126, the flaw could let nearby remote attackers intercept and decrypt some wireless network packets transmitted over-the-air by a vulnerable device.
The attacker does not need to be connected to the victim’s wireless network and the flaw works against vulnerable devices using WPA2-Personal or WPA2-Enterprise protocols, with AES-CCMP encryption, to protect their network traffic.
CVE-2019-15126 Details – This vulnerability has been modified since it was last analyzed by the NVD. It is awaiting reanalysis which may result in further changes to the information provided.
Multiple Cisco wireless products are affected by this vulnerability.
Cisco will release software updates that address this vulnerability. There are no workarounds that addresses this vulnerability.
Apple has addressed this Vulnerability
Workarounds
- There are no workarounds that address this vulnerability.
Source: (THN) https://thehackernews.com