Google has confirmed to Ars Technica that its Pixel and Nexus devices will not receive all Android security patches for one month in November, for example KRACK patch. Excluded this time is the patch with the security level 6 November. It covers only the vulnerabilities used for the KRACK attack on WPA2 encryption of wireless networks.
However, Ars Technica also stresses that the delay in this case is not a big problem. The KRACK vulnerabilities allow an attacker to collect data that allows logging on without a valid Wi-Fi password while a client, such as an Android smartphone, connects to an encrypted Wi-Fi network.
Of these, according to the researchers who discovered the vulnerabilities, especially Linux clients and devices with Android 6.0 Marshmallow and newer will be affected.
Also, any secure HTTP (HTTPS) encrypted sites would not reveal any data in an unencrypted network. However, users can not recognize which third-party apps are able to communicate encrypted with their servers and therefore can be safely used without KRACK patches.
