Proving once again that hackers security researchers are the reason we can't have nice things, the Key Installation Attack (KRACK) is loose in the wild and exploits an intrinsic weakness in the WPA2 protocol to let unsavory sorts do unsavory things.
That depends on who lives near you and how much you've pissed them off because as usual hacking WiFi networks requires the attacker to be physically close. On the down side, the short story is that there are no more secure wireless protocols.
The industrial and national espionage opportunities are more compelling than Eve going after Alice and Bob's home network traffic so some of you are more screwed than others. Authenticated WPA2 Professional still relies on the same underlying technology that has this intrinsic flaw. Additionally, some implementations are more susceptible to certain classes of attacks than others.
Problematically, the extremely-vulnerable wpa_supplicant implementation is at the heart of any Linux-based system including and especially embedded ones such as consumer WiFi routers, smart TVs, and pretty much any Internet of Things device. For a lot of these things you'll be lucky to ever see a firmware update.
This can be fixed by a minor revision to the WPA2 specification that's backwards-compatible with existing devices/software/whatever. Network traffic that's designed to operate over unsecure links is unaffected (e.g. https://, encrypted VPN). Read a Mickens about security and feel better.
Any fix will require a patch, a lot of stuff won't get patched, and any unpatched device/software/whatever is an attack vector. Unsecure network services (e.g. everything not designed to operate on the raw Internet) are exposed to attackers on your network. An attacker on your network can turn all your stuff into zombies, access your open network shares, and otherwise do anything that someone you've given your network password can do.
Have a nice day, patch all your stuff, and don't forget to use AES.
Icrontic — Home of the Big Beef Burrito since 8-8-2000, fool. A Short-Media community © 2003–2017. Powered with ill-gotten helium.