Apple released a new patch on Monday designed to fight FREAK attacks. The patches are available for iOS and OS X. The tech giant published two accompanying advisories for the FREAK fix in iOS 8.2, OS X Yosemite, Mavericks and Mountain Lion.
The vulnerability has actually been around for decades. It is found in the implementation of encrypted links between software and browsers. A small team of security researchers launched attacks from sites that were supposedly secure and forced them to use weaker encryption that can usually be cracked within hours.
Apple launches patches for Safari
This update requires users to install the latest version of iOS, 8.2. The OS X patch is available for Yosemite, Mavericks and Mountain Lion. Mac users will receive a notification prompting the upgrade. Apple TV users will also have to update the system to 7.1.
FREAK (which stands for Factoring attack on RSA-EXPORT keys) is an operating system design flaw that could potentially allow cyber criminals to silently force browser-server connections to revert to low-encryption standards. Those low-encryption standards make it easy for hackers to crack security with the right software programs.
A brief look at attack scenarios
The most likely attack scenario would be a man-in-the-middle attack. This kind of attack occurs when hackers get between computer users and servers on insecure WiFi networks. Apple’s Safari browser in OS X and iOS could use weaker cipher libraries that were once only allowed for export outside the United States. Those rules were later relaxed and then abandoned altogether. However, browsers and servers sometimes still support the fallback.
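A defender's check for the fallback described above, as an added example that is not part of the original article: it parses a ClientHello/ServerHello pair and reports any RSA_EXPORT cipher suite the client offers or the server selects, plus a selection the client never offered. The handshake records are constructed sample bytes, and the function names are this example's own.

```python
RSA_EXPORT = {  # IANA IDs of the 40-bit RSA export cipher suites
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}

def _after_session_id(record: bytes, hs_type: int) -> bytes:
    """Return the hello body from the cipher suite field onwards."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != hs_type:
        raise ValueError("not the expected TLS handshake record")
    body = record[9:9 + int.from_bytes(record[6:9], "big")]
    if len(body) < 35 or len(body) < 37 + body[34]:
        raise ValueError("truncated hello")
    return body[35 + body[34]:]  # skip version(2), random(32), session id

def client_offered(record: bytes) -> list:
    rest = _after_session_id(record, 0x01)  # 0x01 = ClientHello
    n = int.from_bytes(rest[:2], "big")
    if n % 2 or len(rest) < 2 + n:
        raise ValueError("bad cipher suite list")
    return [int.from_bytes(rest[i:i + 2], "big") for i in range(2, 2 + n, 2)]

def server_selected(record: bytes) -> int:
    # 0x02 = ServerHello; the chosen suite follows the session id directly
    return int.from_bytes(_after_session_id(record, 0x02)[:2], "big")

def audit(client_rec: bytes, server_rec: bytes) -> list:
    """List downgrade indicators for one ClientHello/ServerHello pair."""
    offered, chosen = client_offered(client_rec), server_selected(server_rec)
    findings = [f"client offers {RSA_EXPORT[s]}" for s in offered if s in RSA_EXPORT]
    if chosen in RSA_EXPORT:
        findings.append(f"server selected {RSA_EXPORT[chosen]}")
    if chosen not in offered:
        findings.append(f"server selected 0x{chosen:04x}, never offered by client")
    return findings

def make_hello(hs_type: int, fields: bytes) -> bytes:
    """Build a constructed TLS 1.0 hello record (zero random, empty session id)."""
    body = b"\x03\x01" + bytes(32) + b"\x00" + fields
    hs = bytes([hs_type]) + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(hs).to_bytes(2, "big") + hs

# Constructed samples: the client offers AES-128 (0x002f) and one export suite.
CLIENT = make_hello(0x01, b"\x00\x04\x00\x2f\x00\x03\x01\x00")
SERVER_STRONG = make_hello(0x02, b"\x00\x2f\x00")
SERVER_EXPORT = make_hello(0x02, b"\x00\x03\x00")

if __name__ == "__main__":
    for name, server in (("strong", SERVER_STRONG), ("export", SERVER_EXPORT)):
        print(name, audit(CLIENT, server))
```

An empty result means neither side showed export-grade RSA in the hello exchange; any finding is a reason to disable those suites on the endpoint concerned.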
Apple is on the ball with this recent fix, but other companies have yet to get on board. The Chrome browser and Android operating system remain vulnerable. However, Google’s Chrome 41 beta is safe. Microsoft confirmed the issue but has yet to roll out a repair or fix.