Apple Issues Security Updates Fixing ‘FREAK’ Security Flaw [Mac Blog]
Just under a week after researchers uncovered a security flaw referred to as “FREAK” (Factoring Attack on RSA-EXPORT Keys) that left many devices vulnerable to hacking attempts, Apple has issued fixes for all of its platforms.
The fix is available in Apple TV 7.1 for Apple TV 3rd generation and later, iOS 8.2 for iPhone 4s and later, iPod touch 5th generation and later and iPad 2 and later. It’s also available for Macs with OS X Mountain Lion 10.8.5, Mavericks 10.9.5 and Yosemite 10.10.2.
The vulnerability had stemmed from a former U.S. government policy that prevented companies from exporting strong encryption, instead requiring them to create weak “export-grade” products to ship to its customers outside of the United States. Though the policy was lifted more than a decade ago, the weaker encryption continued to be used by software companies.
Apple’s fix addresses the issue by removing support for those weak “export grade” products, also known as RSA keys.
The updates for iOS 8.2, Apple TV 7.1 and Mac OS X Mountain Lion, Mavericks and Yosemite are available now.
AIVAnet 