Freak SSL

Apple and Cisco Bid Adieu to Freak SSL

March 27, 2015 | By Editor 

FREAK (Factoring RSA Export Keys) attack is a SSL/TLS vulnerability and was initially announced on March 3, 2015. The vulnerability was found by Karthikeyan Bhargavan in PARIS. The vulnerability interrupts and interferes with the HTTPS connections between web server and vulnerable client thereby weakening the encryption for the hacker to manipulate and steal users’ personal data and sensitive information.

Apple’s Safari web browser, the browser of Android operating system, Internet Explorer from Microsoft, and OpenSSL are the browsers and devices that are vulnerable to FREAK attack.

Cisco and Apple have come out with fixes against FREAK vulnerability which threatens the communications and transactions that are encrypted. One step in advance, Cisco is carrying out the inspection to examine if the ‘rowhammer’ DRAM bug a new entrant of malware does affect any of its products

Apple updated its IOS and it is looking at fixing security bugs at a serious note making it happen to fix even the most sought after FREAK. Pushing FREAK fixes in Mac OS X and Apple TV devices worldwide. Even the latest iOS 8.2 release was updated with security patch for the mobile OS of Apple against FREAK.

FREAK fix was also released by Microsoft for its TLS implementation, Schannel. Google has rolled out security fixes against FREAK attack for Chrome on both desktop and Android.

Vulnerable Impact of FREAK bug

The Freak bug attacks and infects OS X Mavericks v10.9.5, OS X Mountain Lion v10.8.5 and OS X Yosemite v10.10.2. Researchers at Apple have concluded with a fix in its Security Update 2015-002. Apple TV version 7.1 is updated to encounter the flaw.

The FREAK bug probes a man in the middle attack and let the attacker to access and decrypt the HTTPS connections that are secured through outdated SSL encryption. Apple Safari is aleady under a huge level of obstruction as it uses Secure Transport that implements TLS. The RSA keys are short lived and is accepted by Secure Transport, this is most commonly incorporated in connections to servers that dealt support with RSA cipher suites. With all the updates and fixes FREAK is no more the latest SSL Bug to encounter.

Posted in Freak SSL

Be Sociable, Share!

Leave a Comment


* fields are mandatory