On 10/17/17 07:25, William Unruh wrote:
On 2017-10-17, J.O. Aho wrote:
On 10/16/17 23:31, Roger Blake wrote:
On 2017-10-16, J.O. Aho wrote:
It's more important to update the client than the server.

Is this something that MS can push an update out for to fix, or does the
wifi chip vendor need to fix device firmware or device driver?


No, not the chip vendor, the manufacturer of the device, for example to
get a fix for your phone, the phone manufacturer has to push out a fix,
then your phone operator may have a custom firmware for your phone, then
you may be vulnerable a lot longer.

As I understand it on Android, it uses wpa_supplicant to make the WPA2
connection, and what is needed is to push an updated wpa_supplicant
onto the phone (and presumably something similar for IOS).
I do not think it has anything to do with the firmware.

The wps_supplicant ain't delivered as APK, so you will need a firmware
update. On most GNU/Linux phones it's a package (rpm/deb), so that could
be pushed out without a firmware update.