To be of any use to an attacker, both the WPA2 device and the connected client need to remain vulnerable to KRACK.
While it doesn't diminish the pressing need to patch the Macs and iOS devices, updating your WAPs will help. Ubiquiti, for example, released updates yesterday for their various UAPs. (UCK controller firmware 5.6.19 is also live.)
@pete_c is right. According to discoverer Mathy Vanhoef, updates should occur on APs and on clients, but just APs will help your network, at least.
... luckily implementations can be patched in a backwards-compatible manner. This means a patched client can still communicate with an unpatched access point (AP), and vice versa. In other words, a patched client or access point sends exactly the same handshake messages as before, and at exactly the same moment in time. However, the security updates will assure a key is only installed once, preventing our attack. So again, update all your devices once security updates are available. Finally, although an unpatched client can still connect to a patched AP, and vice versa, both the client and AP must be patched to defend against all attacks!
So it's possible I just missed it, but does anyone know if Apple has released a patch for Sierra to fix this vuln yet? In doing searches I'm not pulling anything up.
Or is the only statement from them so far that, sure, if you are running our latest buggy new OS, you're fine, otherwise, you are SOL? I seriously hope they don't leave 10.12.x Macs out to dry just because 10.13 is out now. I'm getting asked how soon we can get a patch for this deployed, but we can't go to High Sierra in our environment yet due to dependencies and the fact that it's not quite ready for prime time.