Apple is working on fix for newly discovered ‘FREAK’ security bug.

Photo: Jim Merithew/Cult of Mac

A newly discovered security bug has secretly left Safari users on both iOS and OS X vulnerable to attacks on hundreds of thousands of websites for years.

The ‘FREAK’ security flaw was exposed today by a group of nine researchers who discovered that web browsers could be forced to use an intentionally weakened form of encryption. FREAK affects iPhones, Macs, and Android browsers, but Apple’s spokesman says the company will release a fix next week.

Google’s representatives still haven’t commented on the FREAK security flaw, which is a result of U.S. government regulations that banned American companies from exporting strong encryption standards. The restrictions were lifted in the late ’90s, but the weaker encryption was baked into software that proliferated around the world, and then made it back to the United States.

The bug was dubbed FREAK, for ‘Factoring RSA-EXPORT Keys’, and enables attackers to spy on the communications of users with vulnerable software. The flaw went unnoticed for over a decade and left users vulnerable when visiting hundreds of thousands of websites, including Whitehouse.gov, NSA.gov, and FBI.gov.

Once a site was cracked, the researchers found they could steal passwords and other personal info, or launch attacks on the web sites by taking over elements of the page. Researchers found that Whitehouse.gov and FBI.gov have already been fixed, but NSA.gov is still vulnerable.
