Apple is working on fix for newly discovered ‘FREAK’ security bug

By

This login screen for a Quanta Computer database led to sensitive documents containing details on upcoming Apple products. Photo: Jim Merithew/Cult of Mac
The Freak bug went unnoticed for over a decade. Photo: Jim Merithew/Cult of Mac

A newly discovered security bug has secretly left Safari users on both iOS and OS X vulnerable to attacks on hundreds of thousands of websites for years.

The ‘FREAK’ security flaw was exposed today by a group of nine researchers who discovered web browsers could be forced to use an intentionally-weakened form of encryption. FREAK effects iPhones, Macs, and Android browsers, but Apple’s spokesman says the company will release a fix next week.

Google’s representatives still haven’t commented on the FREAK security flaw, which is a result of U.S. government regulations that banned American companies from exporting the strong encryption standards. The restrictions were lifted in the late 90’s, but the weaker encryption was baked into software that proliferated around the world, and then made it back to the United States.

The bug was dubbed FREAK, for ‘Factoring RSA-EXPORT Keys’ and enables attackers to spy on communications of users with vulnerable software. The flaw went unnoticed for over a decade and left users vulnerable when visiting hundreds of thousands of websites, including Whitehouse.gov, NSA.gov, and FBI.gov.

Once a site was cracked, the researchers found they could steal passwords and other personal info, or launch attacks on the web sites by taking over elements of the page. Researchers found that Whitehouse.gov and FBI.gov have already been fixed, but NSA.gov is still vulnerable.

Via: Reuters

Newsletters

Daily round-ups or a weekly refresher, straight from Cult of Mac to your inbox.

  • The Weekender

    The week's best Apple news, reviews and how-tos from Cult of Mac, every Saturday morning. Our readers say: "Thank you guys for always posting cool stuff" -- Vaughn Nevins. "Very informative" -- Kenly Xavier.