What Apple Users Need To Know About FREAK Attack


05 / 03 / 2015


Do you still think that Mac OS is properly protected from hacker attacks? Now you can't say so for sure.


Researchers have recently uncovered a major security flaw in software created by companies like Apple and Google, leaving many devices vulnerable to hacking attempts, reports The Washington Post.

The ‘FREAK’ security flaw was exposed on the 3rd of March by a group of nine researchers who discovered that web browsers could be forced to use an intentionally weakened form of encryption. FREAK affects iPhones, Macs, and Android browsers. Apple Inc. and Google Inc. both said Tuesday they have created software updates to fix the “FREAK attack” flaw, which derives its name from an acronym of ‘Factoring attack on RSA-EXPORT Keys’.

There's no evidence so far that any hackers have exploited the weakness, which companies are now moving to repair. Researchers blame the problem on an old government policy, abandoned over a decade ago, which required U.S. software makers to use weaker security in encryption programs sold overseas due to national security concerns.

What happened?

OpenSSL and SecureTransport encrypt connections to online banking, webmail, and other HTTPS websites, and so much else on the internet, to thwart eavesdroppers.

It turns out the encryption used by OpenSSL and SecureTransport can be crippled by an attacker on your network: apps can be tricked into using weak encryption keys, allowing determined miscreants to pluck login cookies and other sensitive information out of your SSL-protected traffic.

"A connection is vulnerable if the server accepts RSA_EXPORT cipher suites and the client either offers an RSA_EXPORT suite or is using a version of OpenSSL that is vulnerable to CVE-2015-0204," according to freakattack.com, a website explaining the security flaw.

You can visit freakattack.com to check if your web browser is vulnerable. Reg readers have told us that Google Chrome for OS X prior to version 41.0.2272.76 is flagged up as vulnerable.
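The client half of the condition quoted above can be checked from a captured handshake. The following is an added example, not code from freakattack.com or the vendors: it parses a TLS ClientHello record and reports any RSA_EXPORT cipher suites the client offers. The function names and the sample ClientHello are constructed for illustration, and only the three RSA_EXPORT suites from RFC 2246 are listed.

```python
import struct

# The three RSA_EXPORT suites defined in RFC 2246 (TLS 1.0), by 16-bit code point.
RSA_EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}


def offered_suites(record: bytes) -> list:
    """Return the cipher-suite code points listed in one TLS ClientHello record."""
    if len(record) < 6 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    try:
        pos = 5 + 4 + 2 + 32          # record hdr, handshake hdr, version, random
        pos += 1 + record[pos]        # session_id length byte plus session_id
        (nbytes,) = struct.unpack_from("!H", record, pos)
        pos += 2
        if nbytes % 2 or pos + nbytes > len(record):
            raise ValueError("malformed cipher_suites vector")
        return list(struct.unpack_from(f"!{nbytes // 2}H", record, pos))
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated ClientHello") from exc


def export_suites_offered(record: bytes) -> list:
    """Names of the RSA_EXPORT suites a client offered, in offer order."""
    return [RSA_EXPORT_SUITES[s] for s in offered_suites(record) if s in RSA_EXPORT_SUITES]


def connection_vulnerable(server_accepts_export, client_offers_export, client_has_cve_2015_0204):
    """The condition quoted from freakattack.com, as a boolean expression."""
    return server_accepts_export and (client_offers_export or client_has_cve_2015_0204)


def build_client_hello(suites) -> bytes:
    """Constructed sample input: a minimal ClientHello with no extensions."""
    body = (b"\x03\x03" + bytes(32) + b"\x00"
            + struct.pack("!H", 2 * len(suites)) + struct.pack(f"!{len(suites)}H", *suites)
            + b"\x01\x00")
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


if __name__ == "__main__":
    old = build_client_hello([0xC02F, 0x0003, 0x002F, 0x0008])
    offered = export_suites_offered(old)
    print(offered, connection_vulnerable(True, bool(offered), False))
```

A client that offers no export suites still satisfies the quoted condition if it runs an OpenSSL build affected by CVE-2015-0204, which is why the third argument is tracked separately from what the ClientHello shows.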

A number of commercial website operators are also taking corrective action after being notified privately in recent weeks, said Matthew Green, a computer security researcher at Johns Hopkins University.

But some experts said the problem shows the danger of government policies that require any weakening of encryption code, even to help fight crime or threats to national security. They warned those policies could inadvertently provide access to hackers.

It still looks like only a possible danger, but it's a signal to turn on Safe Browsing to prevent the possibility of attack.