Apple, Google and Microsoft Devices Vulnerable to “FREAK” Security Flaw

Tech researchers some weeks back discovered a decade-old security flaw, dubbed “FREAK,” that leaves Apple and Google devices and Microsoft Windows PCs vulnerable to hacking.

The attackers compromise these devices through Apple’s Safari browser and Android’s default browser when the user visits certain websites, even on mobile devices. Windows PCs are also vulnerable to the “FREAK” flaw.

Approximately 5.04 million websites may be at risk from this vulnerability, according to Matthew Green, a cryptographer at Johns Hopkins University.

The vulnerability stems from a former U.S. government policy that required U.S. software manufacturers to produce weakened encryption programs for overseas markets. The policy is no longer in effect, but the weakened encryption continues to be used by many foreign software companies.

The flaw allows a cybercriminal to break the secure connection between a device’s Web browser and a website and spy on the user’s activity. Vulnerable connections include those encrypted with Secure Sockets Layer (SSL) and Transport Layer Security (TLS).

Hackers can exploit the flaw and use it to commit fraud or identity theft.

Apple released a security announcement explaining the impact of “FREAK” in further detail. The flaw affects iPhone models 4s and later, iPod touch (5th generation) and later, and iPad 2 and later.

There is no evidence hackers have begun to exploit this weakness, but technology companies are still working diligently to find a patch.

Apple this week released the following updates, which remedy the “FREAK” flaw: iOS 8.2, Apple TV 7.1, and updates for Mac OS X Mountain Lion, Mavericks and Yosemite. Apple users should download these updates immediately and avoid using their web browser until doing so.

Google and Microsoft customers should stay vigilant for new updates and refrain from surfing the Web on insecure browsers. Web browsers not affected by the “FREAK” flaw include Google Chrome and Mozilla Firefox.

A “FREAK” flaw Web browser test is also available for concerned individuals.

Via B2C