Apple Releases Update That Secures Safari Against FREAK Attacks

By Kamal Nayan - 10 Mar '15 12:35PM

Apple has released updates that patch the FREAK flaw in Safari for iOS and Mac, according to reports.

The FREAK fix was part of iOS 8.2 and the OS X update labeled 2015-002, released for Yosemite, Mavericks and Mountain Lion.

"Secure Transport accepted short ephemeral RSA keys, usually used only in export-strength RSA cipher suites, on connections using full-strength RSA cipher suites," Apple stated in the accompanying advisories. "This issue, also known as FREAK, only affected connections to servers which support export-strength RSA cipher suites, and was addressed by removing support for ephemeral RSA keys."

According to Computerworld, the iOS 8.2 and OS X 2015-002 updates successfully patched Safari against FREAK. Previously, the browser on both operating systems had been reported as vulnerable when tested on FREAKattack.com, a site maintained by a group of computer scientists at the University of Michigan.

Apple's update fixing the FREAK vulnerability follows Google's update for Chrome, released last week for Windows, OS X and Linux.

FREAK, for Factoring attack on RSA-EXPORT Keys, is a design flaw that could let cyber criminals silently force a browser-server connection to fall back to long-discarded encryption standards.

Browsers such as Google Chrome for Android and Internet Explorer remain open to the vulnerability.

iOS 8.2, which was released yesterday, patches five additional vulnerabilities.
