Well-known information security expert Mathy Vanhoef reported the discovery of a whole set of vulnerabilities Frag Attacks (Fragmentation and aggregation attacks) that impacting all Wi-Fi devices (computers, smartphones and "smart" devices) released after 1997.

Frag Attacks issues (CVE-2020-24588, CVE-2020-24587, CVE-2020-24586, CVE-2020-26145, CVE-2020-26144, CVE-2020-26140, CVE-2020-26143, CVE-2020- 26139, CVE-2020-26146, CVE-2020-26147, CVE-2020-26142, CVE-2020-26141) allow an attacker in the Wi-Fi range to collect information about the owner of the device and execute malicious code. Even worse, the vulnerabilities affect even when WEP and WPA protection is active. Wanhof immediately reported his findings to the WiFi Alliance engineers. For the past nine months, the organization has been working on fixing the standards and working with device vendors to prepare fixes as soon as possible.

It is known that Microsoft has already released fixes for 3 of the 12 vulnerabilities affecting Windows systems. Cisco, Juniper Networks, HPE/Aruba and Sierra Wireless have also prepared patches for their products. Other vendors plan to present patches in the coming weeks.

Source: xakep.ru