Apple stops the 'FREAK' in its tracks

Safari in OS X

Apple has issued a new security update in order to protect its range of products from the so-called "FREAK" vulnerability.

The updates, which cover OS X as well as iOS and AppleTV, address a flaw in SSL/TLS connections that allows secure communications to be manipulated.

FREAK, or Factoring Attack on RSA-EXPORT Keys, allows attackers to decrypt traffic sent over an HTTPS connection between end users and websites. Attackers are able to use the exploit when an end user on a vulnerable device connects to an HTTPS-protected site that is also vulnerable. The only sites at risk are those using a weak cipher that was supposed to have been retired a while ago.

How to update

Attackers can manipulate this by introducing a weaker 512-bit encryption key into the protected session and then collecting any information passed over this exchange by using a low-cost method in the cloud.

AppleTV 7.1, iOS 8.2 and Security Update 2015-002 can all be downloaded on the relevant devices, and installing them protects against information being pilfered by attackers.

Via: Apple